Still Failing: openssl/openssl#35025 (master - bac8d06)
Build Update for openssl/openssl - Build: #35025 Status: Still Failing Duration: 1 hr, 7 mins, and 54 secs Commit: bac8d06 (master) Author: Pauli Message: ossl_shim: use the correct ticket key call back. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11966) View the changeset: https://github.com/openssl/openssl/compare/4f65bc6f8fc4...bac8d066a595 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/692010963?utm_medium=notification_source=email
Build failed: openssl master.34472
Build openssl master.34472 failed Commit ce35b66dde by Pauli on 5/28/2020 4:05 AM: rand: remove deprecated RAND_event and RAND_screen functions
[openssl] master update
The branch master has been updated via 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 (commit) from bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit) - Log - commit 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 Author: Shane Lontis Date: Wed May 27 12:10:52 2020 +1000 Fix errtest for older compilers Some older compilers use "unknown function" if they dont support __func, so the test using ERR_PUT_error needed to compensate for this when comparing against the expected value. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11967) --- Summary of changes: test/errtest.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/test/errtest.c b/test/errtest.c
index cc2f6612d1..9adf4ca917 100644
--- a/test/errtest.c
+++ b/test/errtest.c
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 #include "testutil.h"
@@ -24,17 +25,20 @@
 static int test_print_error_format(void)
 {
-static const char expected[] =
-":error::system library:test_print_error_format:Operation not permitted:"
+static const char expected_format[] =
+":error::system library:%s:Operation not permitted:"
 # ifndef OPENSSL_NO_FILENAMES
 "errtest.c:30:";
 # else
 ":0:";
 # endif
+char expected[256];
 char *out = NULL, *p = NULL;
 int ret = 0, len;
 BIO *bio = NULL;
+BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC);
+
 if (!TEST_ptr(bio = BIO_new(BIO_s_mem(
 return 0;
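Review bot: The `BIO_snprintf()` call added in the second hunk ignores its return value, so a function name too long for `expected[256]` would leave the test comparing against a truncated or unusable string and failing for a misleading reason. Wrapping it as `if (!TEST_int_gt(BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC), 0)) return 0;` makes that failure explicit. The body of test_print_error_format continues past the end of the hunk, so how `expected` is compared is not visible here.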
Build failed: openssl master.34470
Build openssl master.34470 failed Commit 219de9e766 by Pauli on 5/27/2020 3:37 AM: fips: DRBG KATs
[openssl] master update
The branch master has been updated via bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit) from 4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit) - Log - commit bac8d066a595454e3f4a75e6e155a9d5b99ce4ea Author: Pauli Date: Wed May 27 07:26:46 2020 +1000 ossl_shim: use the correct ticket key call back. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11966) --- Summary of changes: test/ossl_shim/ossl_shim.cc | 25 - test/ossl_shim/test_config.cc | 2 -- test/ossl_shim/test_config.h | 2 -- 3 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 0bdf5dd451..3ebe31b7dd 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -7,11 +7,6 @@
 * https://www.openssl.org/source/license.html
 */
-/*
- * HMAC low level APIs are deprecated for public use but might be used here.
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #if !defined(__STDC_FORMAT_MACROS)
 #define __STDC_FORMAT_MACROS
 #endif
@@ -374,10 +369,11 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
 return 1;
 }
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
+ EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx,
 int encrypt) {
+ OSSL_PARAM params[3], *p = params;
+
 if (!encrypt) {
 if (GetTestState(ssl)->ticket_decrypt_done) {
 fprintf(stderr, "TicketKeyCallback called after completion.\n");
@@ -397,8 +393,14 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
 return 0;
 }
- if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
- !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros,
+ sizeof(kZeros));
+ *p = OSSL_PARAM_construct_end();
+
+ if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)
+ || !EVP_MAC_init(hmac_ctx)
+ || !EVP_MAC_CTX_set_params(hmac_ctx, params)) {
 return -1;
 }
@@ -407,7 +409,6 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
 }
 return 1;
 }
-#endif
 // kCustomExtensionValue is the extension value that the custom extension
 // callbacks will add.
@@ -631,11 +632,9 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) {
 SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
 SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 if (config->use_ticket_callback) {
-SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
+SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback);
 }
-#endif
 if (config->enable_client_custom_extension &&
 !SSL_CTX_add_client_custom_ext(
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
index b1a3fa3920..a37d010d7a 100644
--- a/test/ossl_shim/test_config.cc
+++ b/test/ossl_shim/test_config.cc
@@ -63,9 +63,7 @@ const Flag kBoolFlags[] = {
 { "-use-export-context", ::use_export_context },
 { "-expect-ticket-renewal", ::expect_ticket_renewal },
 { "-expect-no-session", ::expect_no_session },
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 { "-use-ticket-callback", ::use_ticket_callback },
-#endif
 { "-renew-ticket", ::renew_ticket },
 { "-enable-client-custom-extension", ::enable_client_custom_extension },
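Review bot: In the `@@ -397,8 +393,14 @@` hunk the string literal `"SHA256"` is passed as the buffer argument of `OSSL_PARAM_construct_utf8_string()`, which takes a non-const `char *`; in a C++ translation unit that conversion is rejected or warned about, and under strict warnings it breaks the build. An explicit `const_cast<char *>("SHA256")` is needed, and the same applies to `kZeros` in the `OSSL_PARAM_construct_octet_string()` call if it is declared const (its declaration is outside the hunk). Separately, `EVP_MAC_init(hmac_ctx)` runs before `EVP_MAC_CTX_set_params(hmac_ctx, params)`, so the key and digest are supplied after initialisation; setting the parameters first would avoid depending on how the MAC implementation treats a late key. TicketKeyCallback starts and ends outside this hunk.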
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
index 653554d995..6968a128ca 100644
--- a/test/ossl_shim/test_config.h
+++ b/test/ossl_shim/test_config.h
@@ -62,9 +62,7 @@ struct TestConfig {
 bool use_export_context = false;
 bool expect_ticket_renewal = false;
 bool expect_no_session = false;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 bool use_ticket_callback = false;
-#endif
 bool renew_ticket = false;
 bool enable_client_custom_extension = false;
 bool enable_server_custom_extension = false;
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 
doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 
doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man 3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3
Still Failing: openssl/openssl#35019 (master - 4f65bc6)
Build Update for openssl/openssl - Build: #35019 Status: Still Failing Duration: 48 mins and 17 secs Commit: 4f65bc6 (master) Author: Pauli Message: fips: add AES OFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) View the changeset: https://github.com/openssl/openssl/compare/77286fe3ec6b...4f65bc6f8fc4 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691933758?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit) via 0839afa747cd0e0ef35179ed49dfd4a481fcc918 (commit) from 77286fe3ec6b9777934e67e35f3b7007143b0734 (commit) - Log - commit 4f65bc6f8fc4464631a93002d99f61a4a75b4552 Author: Pauli Date: Sat May 23 10:20:46 2020 +1000 fips: add AES OFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) commit 0839afa747cd0e0ef35179ed49dfd4a481fcc918 Author: Pauli Date: Fri May 22 19:30:52 2020 +1000 fips: add AES CFB mode ciphers to FIPS provider. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11908) --- Summary of changes: providers/fips/fipsprov.c | 12 test/recipes/30-test_evp_data/evpciph.txt | 48 --- 2 files changed, 12 insertions(+), 48 deletions(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index bbf95b7505..31217202f2 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -390,6 +390,18 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ALG("AES-256-CBC", aes256cbc_functions),
 ALG("AES-192-CBC", aes192cbc_functions),
 ALG("AES-128-CBC", aes128cbc_functions),
+ALG("AES-256-OFB", aes256ofb_functions),
+ALG("AES-192-OFB", aes192ofb_functions),
+ALG("AES-128-OFB", aes128ofb_functions),
+ALG("AES-256-CFB", aes256cfb_functions),
+ALG("AES-192-CFB", aes192cfb_functions),
+ALG("AES-128-CFB", aes128cfb_functions),
+ALG("AES-256-CFB1", aes256cfb1_functions),
+ALG("AES-192-CFB1", aes192cfb1_functions),
+ALG("AES-128-CFB1", aes128cfb1_functions),
+ALG("AES-256-CFB8", aes256cfb8_functions),
+ALG("AES-192-CFB8", aes192cfb8_functions),
+ALG("AES-128-CFB8", aes128cfb8_functions),
 ALG("AES-256-CTR", aes256ctr_functions),
 ALG("AES-192-CTR", aes192ctr_functions),
 ALG("AES-128-CTR", aes128ctr_functions),
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 4d7f9f0d94..4f7afd0e1d 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -259,7 +259,6 @@ Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec # CFB128-AES128.Encrypt Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -267,7 +266,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 3B3FD92EB72DAD20333449F8E83CFB4A Operation = ENCRYPT @@ -275,7 +273,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B Operation = ENCRYPT @@ -283,7 +280,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 26751F67A3CBB140B1808CF187A4F4DF Operation = ENCRYPT @@ -292,7 +288,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 # CFB128-AES128.Decrypt Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -300,7 +295,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 3B3FD92EB72DAD20333449F8E83CFB4A Operation = DECRYPT @@ -308,7 +302,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B Operation = DECRYPT 
@@ -316,7 +309,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF Cipher = AES-128-CFB -Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 26751F67A3CBB140B1808CF187A4F4DF Operation = DECRYPT @@ -325,7 +317,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 # CFB128-AES192.Encrypt Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -333,7 +324,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 Cipher = AES-192-CFB -Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV =
Failed: openssl/openssl#35017 (master - 77286fe)
Build Update for openssl/openssl - Build: #35017 Status: Failed Duration: 51 mins and 5 secs Commit: 77286fe (master) Author: Bernd Edlinger Message: Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6074) View the changeset: https://github.com/openssl/openssl/compare/c74aaa3920f1...77286fe3ec6b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691858288?utm_medium=notification_source=email
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via d03ffeaf45da6541875bff05b3f79d8dba355c97 (commit) from efdfc392aac6d56fe385223cd26687fa26ca9af3 (commit) - Log - commit d03ffeaf45da6541875bff05b3f79d8dba355c97 Author: Bernd Edlinger Date: Tue Apr 24 21:10:13 2018 +0200 Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/11781) --- Summary of changes: .travis.yml| 6 +++--- crypto/aes/aes_ige.c | 14 +- crypto/ec/ecp_nistp224.c | 9 + crypto/ec/ecp_nistp521.c | 33 + crypto/modes/cbc128.c | 19 ++- crypto/modes/ccm128.c | 22 -- crypto/modes/cfb128.c | 18 +- crypto/modes/ctr128.c | 11 +-- crypto/modes/gcm128.c | 22 ++ crypto/modes/modes_local.h | 12 ++-- crypto/modes/ofb128.c | 11 +-- crypto/modes/xts128.c | 24 crypto/whrlpool/wp_block.c | 32 +++- 13 files changed, 158 insertions(+), 75 deletions(-) diff --git a/.travis.yml b/.travis.yml index fe1b0f78fa..6cf1ba02c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,7 +57,7 @@ matrix: apt: packages: - clang-6.0 - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0" - os: linux arch: s390x compiler: gcc 
@@ -121,7 +121,7 @@ matrix: env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux compiler: clang - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux compiler: clang env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" @@ -134,7 +134,7 @@ matrix: sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128" OPENSSL_TEST_RAND_ORDER=0 - os: linux addons: apt: diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index dce4ef11be..0df04b3bb2 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -12,11 +12,6 @@ #include #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { -unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 
@@ -24,6 +19,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { +unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s)(d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 9a9ced8f13..6f7d66c8be 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -72,6 +72,7 @@
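Review bot: The `__aligned__(1)` attribute in the `@@ -24,6 +19,15 @@` hunk is applied only when `__GNUC__` is defined, but `load_block`/`store_block` still take the pointer-cast path whenever `UNALIGNED_MEMOPS_ARE_FAST` is 1. A compiler that defines `__i386__` or `__x86_64__` without `__GNUC__` therefore keeps dereferencing a naturally aligned `aes_block_t *` at arbitrary byte addresses, which is the undefined behaviour this commit sets out to remove. Tying the fast path to the attribute, e.g. guarding the `# define UNALIGNED_MEMOPS_ARE_FAST 1` branch with `#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))`, closes that gap; the cast also still reads byte buffers through a struct of `unsigned long`, which may deserve a comment on why aliasing is acceptable here. The identical hunk in the master update of crypto/aes/aes_ige.c has the same gap.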
[openssl] master update
The branch master has been updated via 77286fe3ec6b9777934e67e35f3b7007143b0734 (commit) from c74aaa3920f116fe4c1003153838144c37d6e527 (commit) - Log - commit 77286fe3ec6b9777934e67e35f3b7007143b0734 Author: Bernd Edlinger Date: Tue Apr 24 21:10:13 2018 +0200 Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/6074) --- Summary of changes: .travis.yml| 4 ++-- crypto/aes/aes_ige.c | 14 +- crypto/ec/ecp_nistp224.c | 9 + crypto/ec/ecp_nistp521.c | 33 + crypto/modes/cbc128.c | 19 ++- crypto/modes/ccm128.c | 22 -- crypto/modes/cfb128.c | 18 +- crypto/modes/ctr128.c | 11 +-- crypto/modes/gcm128.c | 22 ++ crypto/modes/ofb128.c | 11 +-- crypto/modes/xts128.c | 24 crypto/whrlpool/wp_block.c | 32 +++- 12 files changed, 147 insertions(+), 72 deletions(-) diff --git a/.travis.yml b/.travis.yml index 65cf6b10a9..bc28ac7adf 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -103,10 +103,10 @@ jobs: env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan disable-afalgeng -Wno-unused-command-line-argument" - os: linux compiler: clang - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" CXX="clang++" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" CXX="clang++" - os: linux compiler: gcc - env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 enable-buildtest-c++ -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-buildtest-c++" OPENSSL_TEST_RAND_ORDER=0 - os: linux dist: xenial addons: diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 51119186de..bbe9bcd4f8 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -18,11 +18,6 @@ #include #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { -unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 @@ -30,6 +25,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { +unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s)(d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) 
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 1808c4c76c..2b665842c7 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -75,6 +75,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; @@ -311,10 +312,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { -out[0] = *((const uint64_t *)(in)) & 0x00ff; -out[1] = (*((const uint64_t *)(in + 7))) & 0x00ff; -out[2] = (*((const uint64_t *)(in + 14))) & 0x00ff; -out[3] = (*((const uint64_t *)(in+20))) >> 8; +out[0] = *((const limb *)(in)) & 0x00ff; +out[1] = (*((const limb_aX *)(in + 7))) & 0x00ff; +out[2] = (*((const limb_aX *)(in + 14))) & 0x00ff; +out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 28e048ede9..0e7f1dae3b 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -131,6 +131,7 @@ static const felem_bytearray nistp521_curve_params[5] = { #define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef
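Review bot: In bin28_to_felem the first load still goes through `const limb *` while the other three use the new `limb_aX` type, so `out[0]` keeps assuming that `in` is 8-byte aligned even though the parameter is a plain `const u8 in[28]`. Unless every caller is known to pass an aligned buffer (not visible in this hunk), that read has the same alignment problem the commit fixes for offsets 7, 14 and 20; changing the cast on the `out[0]` line to `(const limb_aX *)(in)` would make the four loads consistent. A short comment above the `limb_aX` typedef saying it exists for unaligned reads from byte buffers would also help the next reader.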
Errored: openssl/openssl#35012 (master - c74aaa3)
Build Update for openssl/openssl - Build: #35012 Status: Errored Duration: 17 mins and 30 secs Commit: c74aaa3 (master) Author: Dr. David von Oheimb Message: Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11953) View the changeset: https://github.com/openssl/openssl/compare/9e3c510bde91...c74aaa3920f1 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691721841?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via c74aaa3920f116fe4c1003153838144c37d6e527 (commit) from 9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit) - Log - commit c74aaa3920f116fe4c1003153838144c37d6e527 Author: Dr. David von Oheimb Date: Mon May 25 13:17:51 2020 +0200 Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11953) --- Summary of changes: crypto/evp/exchange.c | 4 ++-- crypto/evp/keymgmt_lib.c | 4 ++-- crypto/evp/p_lib.c | 16 - crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_req.c | 2 +- crypto/x509/x_pubkey.c | 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 ++-- ...P_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} | 27 +++--- include/openssl/evp.h | 6 + ssl/ssl_rsa.c | 2 +- test/evp_test.c| 2 +- util/libcrypto.num | 6 +++-- 12 files changed, 55 insertions(+), 22 deletions(-) rename doc/man3/{EVP_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} (65%) diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 26d7e1ce95..514ecd4039 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -368,13 +368,13 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) /* * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * present (!missing) but don't match. EVP_PKEY_parameters_eq may return * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 * (different key types) is impossible here because it is checked earlier. * -2 is OK for us here, as well as 1, so we can check for 0 only. */ if (!EVP_PKEY_missing_parameters(peer) && -!EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { +!EVP_PKEY_parameters_eq(ctx->pkey, peer)) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS); return -1; } diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 54805d741d..a712233043 100644 --- a/crypto/evp/keymgmt_lib.c 
+++ b/crypto/evp/keymgmt_lib.c @@ -236,8 +236,8 @@ int evp_keymgmt_util_has(EVP_PKEY *pk, int selection) * but also in the operation cache to see if there's any common keymgmt that * supplies OP_keymgmt_match. * - * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_cmp() - * and EVP_PKEY_cmp_parameters() return, i.e.: + * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq() + * and EVP_PKEY_parameters_eq() return, i.e.: * * 1 same key * 0 not same key diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d05f0f2cba..4670912588 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -156,7 +156,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) } if (!EVP_PKEY_missing_parameters(to)) { -if (EVP_PKEY_cmp_parameters(to, from) == 1) +if (EVP_PKEY_parameters_eq(to, from) == 1) return 1; EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); return 0; @@ -272,7 +272,14 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ +return EVP_PKEY_parameters_eq(a, b); +} +#endif + +int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support @@ -290,7 +297,14 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ +return EVP_PKEY_eq(a, b); +} +#endif + +int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b) { /* * TODO: clean up legacy stuff from this function when legacy support diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 05615c1e19..25f72e057e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c 
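Review bot: The new names `EVP_PKEY_eq()` and `EVP_PKEY_parameters_eq()` read as boolean predicates, but the bodies keep the old comparison contract: `return -2;` is visible in the p_lib.c hunks, and the comment in exchange.c lists 1, 0, -1 and -2 as possible results. A caller that writes `if (EVP_PKEY_eq(a, b))` would treat the -1 and -2 outcomes as a match, which matters wherever the result gates a key or certificate check. I would add a comment above each new definition in crypto/evp/p_lib.c, for example `/* Returns 1 on match, 0 on mismatch, -1 for different key types, -2 when the comparison is not defined; test the result with == 1 */`. Both function bodies continue outside the hunks shown.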
@@ -300,7 +300,7 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k) xk = X509_get0_pubkey(x); if (xk) -ret = EVP_PKEY_cmp(xk, k); +ret = EVP_PKEY_eq(xk, k); else ret = -2; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 639e8e47db..fcc07b17dd 100644 ---
Failed: openssl/openssl#35009 (master - 9e3c510)
Build Update for openssl/openssl - Build: #35009 Status: Failed Duration: 43 mins and 50 secs Commit: 9e3c510 (master) Author: FdaSilvaYY Message: crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8098) View the changeset: https://github.com/openssl/openssl/compare/f7f53d7d61bb...9e3c510bde91 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691700411?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Errored: openssl/openssl#35007 (master - f7f53d7)
Build Update for openssl/openssl - Build: #35007 Status: Errored Duration: 55 mins and 52 secs Commit: f7f53d7 (master) Author: Richard Levitte Message: PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP Fixes #11904 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11959) View the changeset: https://github.com/openssl/openssl/compare/e978ab7894e9...f7f53d7d61bb View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/691690042?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via 9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit) from f7f53d7d61bba235b8babf4cf580114d74183e3e (commit) - Log - commit 9e3c510bde91350c5a40b7ba4e9e0945895e9368 Author: FdaSilvaYY Date: Wed Jun 12 19:52:39 2019 +0200 crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8098) --- Summary of changes: CHANGES.md | 9 +++ apps/cms.c | 13 - crypto/cms/cms_err.c| 4 ++ crypto/cms/cms_ess.c| 92 + crypto/cms/cms_local.h | 3 + crypto/cms/cms_smime.c | 43 +++--- crypto/err/openssl.txt | 4 ++ crypto/ess/build.info | 9 ++- crypto/ess/ess_asn1.c | 62 +++- crypto/ess/ess_err.c| 2 +- crypto/ess/ess_lib.c| 98 +-- crypto/ts/ts_rsp_verify.c | 93 ++ doc/man1/openssl-cms.pod.in | 10 ++-- doc/man3/CMS_verify.pod | 10 +++- include/crypto/cms.h| 10 +++- include/crypto/ess.h| 6 +- include/openssl/cmserr.h| 4 ++ include/openssl/esserr.h| 3 +- test/recipes/80-test_cms.t | 137 19 files changed, 462 insertions(+), 150 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index eb8659e9cf..10fd8d541d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,15 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * Add CAdES-BES signature verification support, mostly derived + from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein. + + *Filipe Raimundo da Silva* + + * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. + + *Antonio Iacono* + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These functions are not widely used and now OpenSSL automatically perform this conversion when needed. diff --git a/apps/cms.c b/apps/cms.c index 6b5577ecee..445fec5388 100644 --- a/apps/cms.c +++ b/apps/cms.c 
@@ -670,12 +670,18 @@ int cms_main(int argc, char **argv) goto opthelp; } -if (flags & CMS_CADES) { -if (flags & CMS_NOATTR) { +if ((flags & CMS_CADES) != 0) { +if ((flags & CMS_NOATTR) != 0) { BIO_puts(bio_err, "Incompatible options: " "CAdES required signed attributes\n"); goto opthelp; } +if (operation == SMIME_VERIFY +&& (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) { +BIO_puts(bio_err, "Incompatible options: CAdES validation require" + " certs and signed attributes validations\n"); +goto opthelp; +} } if (operation & SMIME_SIGNERS) { @@ -1115,7 +1121,8 @@ int cms_main(int argc, char **argv) goto end; } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) { -BIO_printf(bio_err, "Verification successful\n"); +BIO_printf(bio_err, "%s Verification successful\n", + (flags & CMS_CADES) ? "CAdES" : "CMS"); } else { BIO_printf(bio_err, "Verification failure\n"); if (verify_retcode) diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 526d77357e..16e25afc7f 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -52,6 +52,10 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"}, +{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE), +"ess no signing certid attribute"}, +{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), +"ess signing certid mismatch error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 3901074033..e3604f7db8 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c 
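Review bot: In the apps/cms.c hunk at `@@ -1115,7 +1121,8 @@` only the success message gains the CAdES/CMS prefix; the failure branch still prints a bare `Verification failure`, so the output of a failed run does not record which validation mode was requested. I would give the failure line the same prefix, `BIO_printf(bio_err, "%s Verification failure\n", (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");`, and write the test in the new success line as `(flags & CMS_CADES) != 0` to match the explicit comparisons introduced at `@@ -670,12 +670,18 @@`. The new option-check message in that first hunk should read `CAdES validation requires`. cms_main starts and ends outside both hunks.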
@@ -21,6 +21,9 @@ DEFINE_STACK_OF(GENERAL_NAMES) DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(ESS_CERT_ID) +DEFINE_STACK_OF(ESS_CERT_ID_V2) +DEFINE_STACK_OF(X509) IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) @@ -29,33 +32,100 @@
FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_msg.t .. ok 65-test_cmp_protect.t .. ok 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . 
ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 04-test_err.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1914, 696
[openssl] master update
The branch master has been updated via f7f53d7d61bba235b8babf4cf580114d74183e3e (commit) from e978ab7894e966579fcd372d7cba9e051ba90150 (commit) - Log - commit f7f53d7d61bba235b8babf4cf580114d74183e3e Author: Richard Levitte Date: Tue May 26 10:05:01 2020 +0200 PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP Fixes #11904 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11959) --- Summary of changes: crypto/rsa/rsa_local.h | 7 --- include/crypto/rsa.h| 7 +++ providers/implementations/asymciphers/rsa_enc.c | 12 +++- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index f94fc79cdd..65fd6022f7 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -187,12 +187,5 @@ int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx, unsigned char *to, int tlen, const unsigned char *from, int flen); -int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx, -unsigned char *to, int tlen, -const unsigned char *from, -int flen, -const unsigned char *param, -int plen, const EVP_MD *md, -const EVP_MD *mgf1md); #endif /* OSSL_CRYPTO_RSA_LOCAL_H */ diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 6f32ec422f..5d7a6e515d 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -69,6 +69,13 @@ int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, size_t flen, int client_version, int alt_version); +int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx, +unsigned char *to, int tlen, +const unsigned char *from, +int flen, +const unsigned char *param, +int plen, const EVP_MD *md, +const EVP_MD *mgf1md); int rsa_validate_public(const RSA *key); int rsa_validate_private(const RSA *key); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 1f9ded4a65..db89de8a26 100644 
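Review bot: The prototype added to include/crypto/rsa.h takes `int tlen`, `int flen` and `int plen`, while the neighbouring `rsa_padding_check_PKCS1_type_2_TLS()` in the same hunk uses `size_t` lengths. The rsa_enc.c call passes `rsasize` and `inlen` straight through; their types are not visible here, but if they are `size_t` (as `size_t *outlen` in the hunk header suggests) the conversion to `int` is implicit. Since the declaration is now shared with provider code, I would document the limit above it, e.g. `/* tlen, flen and plen are int; callers holding size_t lengths must range-check them first */`.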
--- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -138,11 +138,13 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, PROVerr(0, ERR_R_INTERNAL_ERROR); return 0; } -ret = RSA_padding_add_PKCS1_OAEP_mgf1(tbuf, rsasize, in, inlen, - prsactx->oaep_label, - prsactx->oaep_labellen, - prsactx->oaep_md, - prsactx->mgf1_md); +ret = +rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(prsactx->libctx, tbuf, +rsasize, in, inlen, +prsactx->oaep_label, +prsactx->oaep_labellen, +prsactx->oaep_md, +prsactx->mgf1_md); if (!ret) { OPENSSL_free(tbuf);
Build completed: openssl OpenSSL_1_1_1-stable.34447
Build openssl OpenSSL_1_1_1-stable.34447 completed Commit 7897487ffa by Patrick Steuer on 11/15/2019 10:27 PM: AES CTR-DRGB: performance improvement Configure your notification preferences
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression
Build failed: openssl master.34446
Build openssl master.34446 failed Commit 76d783cb09 by Shane Lontis on 5/27/2020 6:40 AM: fixup! Fix RSA oaep in fips mode Configure your notification preferences
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it 7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() 5606922c3d PROV: Fix RSA-OAEP memory leak b808665265 Update core_names.h fields and document most fields. f32af93c92 Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod 1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback option. bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK) b394809c87 Update the gost-engine submodule 3f5ea7dc0c Fix omissions in providers/common/der/build.info 8069bf5854 Drop special case of time interval calculation for VMS 2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS" e919166927 Fix auto-gen names in .gitignore f7201301ef s_client: Fix -proxy flag regression Build log ended with (last 100 lines): 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . 
ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report