[openssl] master update

[shane . lontis]

The branch master has been updated
   via  f22431f2cd9e96cf75fd020c6e5019ff58f710cf (commit)
  from  ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit)


- Log -
commit f22431f2cd9e96cf75fd020c6e5019ff58f710cf
Author: Shane Lontis 
Date:   Wed Sep 18 15:57:08 2019 +1000

Add IDEA ciphers to default provider

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/9917)

---

Summary of changes:
 crypto/evp/evp_enc.c   |   4 +
 providers/common/include/internal/provider_algs.h  |   6 +
 providers/default/ciphers/build.info   |   5 +
 providers/default/ciphers/cipher_idea.c|  46 ++
 .../ciphers/{cipher_blowfish.h => cipher_idea.h}   |  16 +-
 providers/default/ciphers/cipher_idea_hw.c |  56 +++
 providers/default/defltprov.c  |   6 +
 test/recipes/30-test_evp.t |   2 +
 test/recipes/30-test_evp_data/evpciph_idea.txt | 555 +
 9 files changed, 688 insertions(+), 8 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_idea.c
 copy providers/default/ciphers/{cipher_blowfish.h => cipher_idea.h} (55%)
 create mode 100644 providers/default/ciphers/cipher_idea_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_idea.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 9a4e40d9a9..b0eff2d528 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -235,6 +235,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const 
EVP_CIPHER *cipher,
 case NID_bf_ecb:
 case NID_bf_cfb64:
 case NID_bf_ofb64:
+case NID_idea_cbc:
+case NID_idea_ecb:
+case NID_idea_cfb64:
+case NID_idea_ofb64:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h 
b/providers/common/include/internal/provider_algs.h
index 5f54612b0a..9e0a96e9ad 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -122,6 +122,12 @@ extern const OSSL_DISPATCH blowfish128cbc_functions[];
 extern const OSSL_DISPATCH blowfish64ofb64_functions[];
 extern const OSSL_DISPATCH blowfish64cfb64_functions[];
 #endif /* OPENSSL_NO_BF */
+#ifndef OPENSSL_NO_IDEA
+extern const OSSL_DISPATCH idea128ecb_functions[];
+extern const OSSL_DISPATCH idea128cbc_functions[];
+extern const OSSL_DISPATCH idea128ofb64_functions[];
+extern const OSSL_DISPATCH idea128cfb64_functions[];
+#endif /* OPENSSL_NO_IDEA */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info 
b/providers/default/ciphers/build.info
index a4ca5cc6c8..3722215daf 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -24,4 +24,9 @@ IF[{- !$disabled{bf} -}]
   cipher_blowfish.c cipher_blowfish_hw.c
 ENDIF
 
+IF[{- !$disabled{idea} -}]
+  SOURCE[../../../libcrypto]=\
+  cipher_idea.c cipher_idea_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_idea.c 
b/providers/default/ciphers/cipher_idea.c
new file mode 100644
index 00..6bb5419b6d
--- /dev/null
+++ b/providers/default/ciphers/cipher_idea.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for Idea cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_idea.h"
+#include "internal/provider_algs.h"
+
+static OSSL_OP_cipher_freectx_fn idea_freectx;
+static OSSL_OP_cipher_dupctx_fn idea_dupctx;
+
+static void idea_freectx(void *vctx)
+{
+PROV_IDEA_CTX *ctx = (PROV_IDEA_CTX *)vctx;
+
+OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *idea_dupctx(void *ctx)
+{
+PROV_IDEA_CTX *in = (PROV_IDEA_CTX *)ctx;
+PROV_IDEA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+if (ret == NULL) {
+ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+return NULL;
+}
+*ret = *in;
+
+return ret;
+}
+
+/* idea128ecb_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, ecb, ECB, 0, 128, 64, 0, block)
+/* idea128cbc_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, 0, 128, 64, 64, block)
+/* idea128ofb64_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, stream)
+/* idea128cfb64_functions */
+IMPLEMENT_generic_cipher(idea, IDEA, cfb64,  CFB, 0, 128, 8, 64, stream)
diff --git a/providers/default/ciphers/cipher_blowfish.h 

Still Failing: openssl/openssl#28381 (master - 793374c)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28381
Status: Still Failing

Duration: 29 mins and 31 secs
Commit: 793374c (master)
Author: Shane Lontis
Message: Fix Coverity CID:1453685 'unreachable code' in aes_xts code.

Reviewed-by: Richard Levitte 
Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/9902)

View the changeset: 
https://github.com/openssl/openssl/compare/d5d32e784dd2...793374c82abd

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/586375681?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still Failing: openssl/openssl#28380 (master - d5d32e7)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28380
Status: Still Failing

Duration: 20 mins and 3 secs
Commit: d5d32e7 (master)
Author: Richard Levitte
Message: crypto/bn/build.info: Correct use of SSE2 definition

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9879)

View the changeset: 
https://github.com/openssl/openssl/compare/dbcc7b456704...d5d32e784dd2

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/586373831?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] master update

[shane . lontis]

The branch master has been updated
   via  ecae0575103918868b29cc11aa35e3b91fe7dcc8 (commit)
  from  793374c82abd3215ec33d989810214a871849eda (commit)


- Log -
commit ecae0575103918868b29cc11aa35e3b91fe7dcc8
Author: Shane Lontis 
Date:   Wed Sep 18 15:26:19 2019 +1000

Fix Compiler error/warning for windows icl build

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9907)

---

Summary of changes:
 include/internal/refcount.h | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/include/internal/refcount.h b/include/internal/refcount.h
index eddf12415f..1619b28932 100644
--- a/include/internal/refcount.h
+++ b/include/internal/refcount.h
@@ -73,6 +73,21 @@ static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, 
void *lock)
 __atomic_thread_fence(__ATOMIC_ACQUIRE);
 return 1;
 }
+#  elif defined(__ICL) && defined(_WIN32)
+#   define HAVE_ATOMICS 1
+typedef volatile int CRYPTO_REF_COUNT;
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+*ret = _InterlockedExchangeAdd((void *)val, 1) + 1;
+return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+*ret = _InterlockedExchangeAdd((void *)val, -1) - 1;
+return 1;
+}
 
 #  elif defined(_MSC_VER) && _MSC_VER>=1200
 

[openssl] master update

[shane . lontis]

The branch master has been updated
   via  793374c82abd3215ec33d989810214a871849eda (commit)
  from  d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit)


- Log -
commit 793374c82abd3215ec33d989810214a871849eda
Author: Shane Lontis 
Date:   Wed Sep 18 15:20:30 2019 +1000

Fix Coverity CID:1453685 'unreachable code' in aes_xts code.

Reviewed-by: Richard Levitte 
Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/9902)

---

Summary of changes:
 providers/common/ciphers/cipher_aes_xts.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/providers/common/ciphers/cipher_aes_xts.c 
b/providers/common/ciphers/cipher_aes_xts.c
index c85475442b..0d642368b3 100644
--- a/providers/common/ciphers/cipher_aes_xts.c
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -176,7 +176,6 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, 
size_t *outl,
 else if (CRYPTO_xts128_encrypt(>xts, ctx->base.iv, in, out, inl,
ctx->base.enc))
 return 0;
-return 1;
 
 *outl = inl;
 return 1;
@@ -198,7 +197,6 @@ static int aes_xts_stream_update(void *vctx, unsigned char 
*out, size_t *outl,
 return 0;
 }
 
-*outl = inl;
 return 1;
 }
 

[openssl] master update

[Richard Levitte]

The branch master has been updated
   via  d5d32e784dd2ac25b3c773893f94484bcda5a23d (commit)
  from  dbcc7b45670483cc89428afe1d3c363ef83d76df (commit)


- Log -
commit d5d32e784dd2ac25b3c773893f94484bcda5a23d
Author: Richard Levitte 
Date:   Thu Sep 12 13:27:52 2019 +0200

crypto/bn/build.info: Correct use of SSE2 definition

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9879)

---

Summary of changes:
 crypto/bn/build.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 669256d8e3..18b5950f6d 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -96,7 +96,7 @@ IF[{- !$disabled{asm} -}]
   $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_ec2m
 ENDIF
 IF[{- !$disabled{sse2} -}]
-  DEFINE[]=$BNDEF_{- $target{asm_arch} -}_sse2
+  $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_sse2
 ENDIF
   ENDIF
 ENDIF

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

dbcc7b4567 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if 
present
8c95977fbf Fix Solaris aes_hw_t4 compile issue

Build log ended with (last 100 lines):

40-test_rehash.t ... ok
60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . skipped: test_comp needs the dynamic 
engine feature enabled
70-test_key_share.t  skipped: test_key_share needs the dynamic 
engine feature enabled
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  skipped: test_renegotiation needs the 
dynamic engine feature enabled
70-test_servername.t ... ok
70-test_sslcbcpadding.t  skipped: test_sslcbcpadding needs the 
dynamic engine feature enabled
70-test_sslcertstatus.t  skipped: test_sslcertstatus needs the 
dynamic engine feature enabled
70-test_sslextension.t . skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_sslmessages.t .. skipped: test_sslmessages needs the 
dynamic engine feature enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic 
engine feature enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the 
dynamic engine feature enabled
70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic 
engine feature enabled
70-test_sslsignature.t . skipped: test_sslsignature needs the 
dynamic engine feature enabled
70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the 
dynamic engine feature enabled
70-test_sslversions.t .. skipped: test_sslversions needs the 
dynamic engine feature enabled
70-test_sslvertol.t  skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_tls13alerts.t .. skipped: test_tls13alerts needs the 
dynamic engine feature enabled
70-test_tls13cookie.t .. skipped: test_tls13cookie needs the 
dynamic engine feature enabled
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the 
dynamic engine feature enabled
70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic 
engine feature enabled
70-test_tls13kexmodes.t  skipped: test_tls13kexmodes needs the 
dynamic engine feature enabled
70-test_tls13messages.t  skipped: test_tls13messages needs the 
dynamic engine feature enabled
70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic 
engine feature enabled
70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic 
engine feature enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: GOST support is disabled in this 
OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . skipped: Only supported in no-shared builds
90-test_secmem.t ... ok
90-test_shlibload.t  skipped: Test only supported in a dso build
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t 

Build completed: openssl master.27804

[AppVeyor]

Build openssl master.27804 completed



Commit 51f766442f by agnosticdev on 9/18/2019 1:56 AM:

issue-9893: Addressed documentation feedback


Configure your notification preferences

Build failed: openssl master.27803

[AppVeyor]

Build openssl master.27803 failed


Commit fa0b42adad by Ilya Tokar on 8/14/2019 9:33 PM:

Save frame pointer in sha1.


Configure your notification preferences

Build failed: openssl master.27800

[AppVeyor]

Build openssl master.27800 failed


Commit ee9a4b666d by Robbie Harwood on 9/10/2019 9:46 PM:

[KDF] Add KBKDF implementation for counter-mode HMAC


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-pic

Commit log since last time:

3b2f8c771a Fix building statically without any dso support
1aa89a7a3a Unify all assembler file generators
a1c8befd66 build.info: For all assembler generators, remove all arguments
593d5c2fad Build files: Unify standard arguments for assembler generating scrips
6ef03ea98f clearing the ecx private key memory
1ce6044206 Avoid mentioning ctrl_str in the MAC documentation.
2710e8a888 Use "PARAMETERS" in the documentation headings.

Build log ended with (last 100 lines):

40-test_rehash.t ... ok
60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . skipped: test_comp needs the dynamic 
engine feature enabled
70-test_key_share.t  skipped: test_key_share needs the dynamic 
engine feature enabled
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  skipped: test_renegotiation needs the 
dynamic engine feature enabled
70-test_servername.t ... ok
70-test_sslcbcpadding.t  skipped: test_sslcbcpadding needs the 
dynamic engine feature enabled
70-test_sslcertstatus.t  skipped: test_sslcertstatus needs the 
dynamic engine feature enabled
70-test_sslextension.t . skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_sslmessages.t .. skipped: test_sslmessages needs the 
dynamic engine feature enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic 
engine feature enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the 
dynamic engine feature enabled
70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic 
engine feature enabled
70-test_sslsignature.t . skipped: test_sslsignature needs the 
dynamic engine feature enabled
70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the 
dynamic engine feature enabled
70-test_sslversions.t .. skipped: test_sslversions needs the 
dynamic engine feature enabled
70-test_sslvertol.t  skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_tls13alerts.t .. skipped: test_tls13alerts needs the 
dynamic engine feature enabled
70-test_tls13cookie.t .. skipped: test_tls13cookie needs the 
dynamic engine feature enabled
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the 
dynamic engine feature enabled
70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic 
engine feature enabled
70-test_tls13kexmodes.t  skipped: test_tls13kexmodes needs the 
dynamic engine feature enabled
70-test_tls13messages.t  skipped: test_tls13messages needs the 
dynamic engine feature enabled
70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic 
engine feature enabled
70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic 
engine feature enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: GOST support is disabled in this 
OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  skipped: Test only supported in a shared 
build
90-test_srp.t .. ok

[openssl] OpenSSL_1_1_0-stable update

[nic . tuv]

The branch OpenSSL_1_1_0-stable has been updated
   via  a3b54f0f5de1ad17889fd23aee7c230eefc300cd (commit)
  from  4eabf3d6541e83ae4443384ca3c4cf516930bfd8 (commit)


- Log -
commit a3b54f0f5de1ad17889fd23aee7c230eefc300cd
Author: Nicola Tuveri 
Date:   Thu Sep 12 01:57:47 2019 +0300

Fix no-ec2m in ec_curve.c (1.1.0)

I made a mistake in d4a5dac9f9242c580fb9d0a4389440eccd3494a7 and
inverted the GF2m and GFp calls in ec_point_get_affine_coordinates, this
fixes it.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9873)

---

Summary of changes:
 crypto/ec/ec_curve.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 2d28d7f70b..6a58b3a23e 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3200,11 +3200,11 @@ int ec_point_get_affine_coordinates(const EC_GROUP 
*group,
 
 #ifndef OPENSSL_NO_EC2M
 if (field_nid == NID_X9_62_characteristic_two_field) {
-return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
+return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
 } else
 #endif /* !def(OPENSSL_NO_EC2M) */
 if (field_nid == NID_X9_62_prime_field) {
-return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
+return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
 } else {
 /* this should never happen */
 return 0;

Build completed: openssl master.27791

[AppVeyor]

Build openssl master.27791 completed



Commit dbcc7b4567 by Jon Spillett on 9/17/2019 8:57 AM:

apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present


Configure your notification preferences

Still Failing: openssl/openssl#28363 (OpenSSL_1_1_1-stable - 58f0a4f)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28363
Status: Still Failing

Duration: 10 mins and 26 secs
Commit: 58f0a4f (OpenSSL_1_1_1-stable)
Author: Jon Spillett
Message: apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Currently the pkcs12 app will only ever print the first value of a multi-value
attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but
may miss values for other attributes.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9751)

(cherry picked from commit dbcc7b45670483cc89428afe1d3c363ef83d76df)

View the changeset: 
https://github.com/openssl/openssl/compare/8dcd57461972...58f0a4f16b6e

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/585965865?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still Failing: openssl/openssl#28362 (master - dbcc7b4)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28362
Status: Still Failing

Duration: 14 mins and 52 secs
Commit: dbcc7b4 (master)
Author: Jon Spillett
Message: apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Currently the pkcs12 app will only ever print the first value of a multi-value
attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but
may miss values for other attributes.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9751)

View the changeset: 
https://github.com/openssl/openssl/compare/8c95977fbf40...dbcc7b456704

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/585963953?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] OpenSSL_1_1_1-stable update

[matthias . st . pierre]

The branch OpenSSL_1_1_1-stable has been updated
   via  58f0a4f16b6e7f876f8ba68e4e850304a729cd5c (commit)
  from  8dcd57461972dceaaf014b71d173d0a8758e7054 (commit)


- Log -
commit 58f0a4f16b6e7f876f8ba68e4e850304a729cd5c
Author: Jon Spillett 
Date:   Mon Sep 2 10:06:29 2019 +1000

apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Currently the pkcs12 app will only ever print the first value of a 
multi-value
attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) 
but
may miss values for other attributes.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9751)

(cherry picked from commit dbcc7b45670483cc89428afe1d3c363ef83d76df)

---

Summary of changes:
 CHANGES   |  4 +++-
 apps/pkcs12.c | 64 +++
 2 files changed, 41 insertions(+), 27 deletions(-)

diff --git a/CHANGES b/CHANGES
index 18e47078b6..a10d679ddb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,9 @@
 
  Changes between 1.1.1d and 1.1.1e [xx XXX ]
 
-  *)
+  *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
+ the first value.
+ [Jon Spillett]
 
  Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
 
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index d0600b3760..3603b60c19 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const 
STACK_OF(PKCS12_SAFEBAG) *bags,
 int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
  const char *pass, int passlen,
  int options, char *pempass, const EVP_CIPHER *enc);
+void print_attribute(BIO *out, const ASN1_TYPE *av);
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 return ret;
 }
 
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+char *value;
+
+switch (av->type) {
+case V_ASN1_BMPSTRING:
+value = OPENSSL_uni2asc(av->value.bmpstring->data,
+av->value.bmpstring->length);
+BIO_printf(out, "%s\n", value);
+OPENSSL_free(value);
+break;
+
+case V_ASN1_OCTET_STRING:
+hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+BIO_printf(out, "\n");
+break;
+
+case V_ASN1_BIT_STRING:
+hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+BIO_printf(out, "\n");
+break;
+
+default:
+BIO_printf(out, "\n", av->type);
+break;
+}
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) 
*attrlst,
 {
 X509_ATTRIBUTE *attr;
 ASN1_TYPE *av;
-char *value;
-int i, attr_nid;
+int i, j, attr_nid;
 if (!attrlst) {
 BIO_printf(out, "%s: \n", name);
 return 1;
@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const 
STACK_OF(X509_ATTRIBUTE) *attrlst,
 }
 
 if (X509_ATTRIBUTE_count(attr)) {
-av = X509_ATTRIBUTE_get0_type(attr, 0);
-switch (av->type) {
-case V_ASN1_BMPSTRING:
-value = OPENSSL_uni2asc(av->value.bmpstring->data,
-av->value.bmpstring->length);
-BIO_printf(out, "%s\n", value);
-OPENSSL_free(value);
-break;
-
-case V_ASN1_OCTET_STRING:
-hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
-BIO_printf(out, "\n");
-break;
-
-case V_ASN1_BIT_STRING:
-hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
-BIO_printf(out, "\n");
-break;
-
-default:
-BIO_printf(out, "\n", av->type);
-break;
+for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+{
+av = X509_ATTRIBUTE_get0_type(attr, j);
+print_attribute(out, av);
 }
 } else {
 BIO_printf(out, "\n");

Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

3b2f8c771a Fix building statically without any dso support
1aa89a7a3a Unify all assembler file generators
a1c8befd66 build.info: For all assembler generators, remove all arguments
593d5c2fad Build files: Unify standard arguments for assembler generating scrips
6ef03ea98f clearing the ecx private key memory
1ce6044206 Avoid mentioning ctrl_str in the MAC documentation.
2710e8a888 Use "PARAMETERS" in the documentation headings.

Build log ended with (last 100 lines):

40-test_rehash.t ... ok
60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . skipped: test_comp needs the dynamic 
engine feature enabled
70-test_key_share.t  skipped: test_key_share needs the dynamic 
engine feature enabled
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  skipped: test_renegotiation needs the 
dynamic engine feature enabled
70-test_servername.t ... ok
70-test_sslcbcpadding.t  skipped: test_sslcbcpadding needs the 
dynamic engine feature enabled
70-test_sslcertstatus.t  skipped: test_sslcertstatus needs the 
dynamic engine feature enabled
70-test_sslextension.t . skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_sslmessages.t .. skipped: test_sslmessages needs the 
dynamic engine feature enabled
70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic 
engine feature enabled
70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the 
dynamic engine feature enabled
70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic 
engine feature enabled
70-test_sslsignature.t . skipped: test_sslsignature needs the 
dynamic engine feature enabled
70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the 
dynamic engine feature enabled
70-test_sslversions.t .. skipped: test_sslversions needs the 
dynamic engine feature enabled
70-test_sslvertol.t  skipped: test_sslextension needs the 
dynamic engine feature enabled
70-test_tls13alerts.t .. skipped: test_tls13alerts needs the 
dynamic engine feature enabled
70-test_tls13cookie.t .. skipped: test_tls13cookie needs the 
dynamic engine feature enabled
70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the 
dynamic engine feature enabled
70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic 
engine feature enabled
70-test_tls13kexmodes.t  skipped: test_tls13kexmodes needs the 
dynamic engine feature enabled
70-test_tls13messages.t  skipped: test_tls13messages needs the 
dynamic engine feature enabled
70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic 
engine feature enabled
70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic 
engine feature enabled
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . skipped: GOST support is disabled in this 
OpenSSL build
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  skipped: Test only supported in a shared 
build
90-test_srp.t 

[openssl] master update

[matthias . st . pierre]

The branch master has been updated
   via  dbcc7b45670483cc89428afe1d3c363ef83d76df (commit)
  from  8c95977fbf401df72c9a236348130ba4483d7691 (commit)


- Log -
commit dbcc7b45670483cc89428afe1d3c363ef83d76df
Author: Jon Spillett 
Date:   Mon Sep 2 10:06:29 2019 +1000

apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Currently the pkcs12 app will only ever print the first value of a 
multi-value
attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) 
but
may miss values for other attributes.

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/9751)

---

Summary of changes:
 CHANGES   |  4 
 apps/pkcs12.c | 64 +++
 2 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/CHANGES b/CHANGES
index 65b344efe4..c32f768fc8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
+ the first value.
+ [Jon Spillett]
+
   *) Deprecated the public definition of ERR_STATE as well as the function
  ERR_get_state().  This is done in preparation of making ERR_STATE an
  opaque type.
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 407340b388..902b75029c 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const 
STACK_OF(PKCS12_SAFEBAG) *bags,
 int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
  const char *pass, int passlen,
  int options, char *pempass, const EVP_CIPHER *enc);
+void print_attribute(BIO *out, const ASN1_TYPE *av);
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 return ret;
 }
 
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+char *value;
+
+switch (av->type) {
+case V_ASN1_BMPSTRING:
+value = OPENSSL_uni2asc(av->value.bmpstring->data,
+av->value.bmpstring->length);
+BIO_printf(out, "%s\n", value);
+OPENSSL_free(value);
+break;
+
+case V_ASN1_OCTET_STRING:
+hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+BIO_printf(out, "\n");
+break;
+
+case V_ASN1_BIT_STRING:
+hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+BIO_printf(out, "\n");
+break;
+
+default:
+BIO_printf(out, "\n", av->type);
+break;
+}
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) 
*attrlst,
 {
 X509_ATTRIBUTE *attr;
 ASN1_TYPE *av;
-char *value;
-int i, attr_nid;
+int i, j, attr_nid;
 if (!attrlst) {
 BIO_printf(out, "%s: \n", name);
 return 1;
@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const 
STACK_OF(X509_ATTRIBUTE) *attrlst,
 }
 
 if (X509_ATTRIBUTE_count(attr)) {
-av = X509_ATTRIBUTE_get0_type(attr, 0);
-switch (av->type) {
-case V_ASN1_BMPSTRING:
-value = OPENSSL_uni2asc(av->value.bmpstring->data,
-av->value.bmpstring->length);
-BIO_printf(out, "%s\n", value);
-OPENSSL_free(value);
-break;
-
-case V_ASN1_OCTET_STRING:
-hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
-BIO_printf(out, "\n");
-break;
-
-case V_ASN1_BIT_STRING:
-hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
-BIO_printf(out, "\n");
-break;
-
-default:
-BIO_printf(out, "\n", av->type);
-break;
+for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+{
+av = X509_ATTRIBUTE_get0_type(attr, j);
+print_attribute(out, av);
 }
 } else {
 BIO_printf(out, "\n");

Build failed: openssl master.27790

[AppVeyor]

Build openssl master.27790 failed


Commit 818506b837 by Jon Spillett on 9/17/2019 5:48 AM:

Add option grouping to pkcs12 app


Configure your notification preferences