Still Failing: openssl/openssl#35025 (master - bac8d06)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35025
Status: Still Failing

Duration: 1 hr, 7 mins, and 54 secs
Commit: bac8d06 (master)
Author: Pauli
Message: ossl_shim: use the correct ticket key call back.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/11966)

View the changeset: 
https://github.com/openssl/openssl/compare/4f65bc6f8fc4...bac8d066a595

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/692010963?utm_medium=notification_source=email




Build failed: openssl master.34472

2020-05-27 Thread AppVeyor



Build openssl master.34472 failed


Commit ce35b66dde by Pauli on 5/28/2020 4:05 AM:

rand: remove deprecated RAND_event and RAND_screen functions





[openssl] master update

2020-05-27 Thread shane . lontis
The branch master has been updated
   via  3d518d3d813da40195ff9fe5f4567ab9f09ddcc9 (commit)
  from  bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit)


- Log -
commit 3d518d3d813da40195ff9fe5f4567ab9f09ddcc9
Author: Shane Lontis 
Date:   Wed May 27 12:10:52 2020 +1000

Fix errtest for older compilers

Some older compilers use "unknown function" if they don't support __func, so
the test using ERR_PUT_error needed to compensate for this when comparing
against the expected value.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/11967)

---

Summary of changes:
 test/errtest.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/test/errtest.c b/test/errtest.c
index cc2f6612d1..9adf4ca917 100644
--- a/test/errtest.c
+++ b/test/errtest.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "testutil.h"
 
@@ -24,17 +25,20 @@
 
 static int test_print_error_format(void)
 {
-static const char expected[] =
-":error::system library:test_print_error_format:Operation not 
permitted:"
+static const char expected_format[] =
+":error::system library:%s:Operation not permitted:"
 # ifndef OPENSSL_NO_FILENAMES
 "errtest.c:30:";
 # else
 ":0:";
 # endif
+char expected[256];
 char *out = NULL, *p = NULL;
 int ret = 0, len;
 BIO *bio = NULL;
 
+BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC);
+
 if (!TEST_ptr(bio = BIO_new(BIO_s_mem(
 return 0;
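Review bot: The `BIO_snprintf` call that builds `expected` ignores its return value, so a truncated or failed format would only show up later as a confusing string mismatch. BIO_snprintf returns -1 when the output does not fit, so the call can be wrapped as `if (!TEST_int_gt(BIO_snprintf(expected, sizeof(expected), expected_format, OPENSSL_FUNC), 0)) return 0;`. `expected_format` is a compile-time constant with a single `%s`, so the non-literal format string is safe here, but a one-line comment saying so would help anyone auditing format-string use. The body of test_print_error_format continues past the end of the hunk.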
 


Build failed: openssl master.34470

2020-05-27 Thread AppVeyor



Build openssl master.34470 failed


Commit 219de9e766 by Pauli on 5/27/2020 3:37 AM:

fips: DRBG KATs





[openssl] master update

2020-05-27 Thread Dr . Paul Dale
The branch master has been updated
   via  bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (commit)
  from  4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit)


- Log -
commit bac8d066a595454e3f4a75e6e155a9d5b99ce4ea
Author: Pauli 
Date:   Wed May 27 07:26:46 2020 +1000

ossl_shim: use the correct ticket key call back.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/11966)

---

Summary of changes:
 test/ossl_shim/ossl_shim.cc   | 25 -
 test/ossl_shim/test_config.cc |  2 --
 test/ossl_shim/test_config.h  |  2 --
 3 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 0bdf5dd451..3ebe31b7dd 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -7,11 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * HMAC low level APIs are deprecated for public use but might be used here.
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #if !defined(__STDC_FORMAT_MACROS)
 #define __STDC_FORMAT_MACROS
 #endif
@@ -374,10 +369,11 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION 
*session) {
   return 1;
 }
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
+ EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx,
  int encrypt) {
+  OSSL_PARAM params[3], *p = params;
+
   if (!encrypt) {
 if (GetTestState(ssl)->ticket_decrypt_done) {
   fprintf(stderr, "TicketKeyCallback called after completion.\n");
@@ -397,8 +393,14 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, 
uint8_t *iv,
 return 0;
   }
 
-  if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
-  !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
+  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0);
+  *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros,
+   sizeof(kZeros));
+  *p = OSSL_PARAM_construct_end();
+
+  if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)
+  || !EVP_MAC_init(hmac_ctx)
+  || !EVP_MAC_CTX_set_params(hmac_ctx, params)) {
 return -1;
   }
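Review bot: `"SHA256"` is passed as the buffer argument of OSSL_PARAM_construct_utf8_string, which takes a non-const `char *`, so in this C++ file the call depends on the literal-to-`char *` conversion that C++11 removed and that strict-warning builds reject; `const_cast<char *>("SHA256")` makes the intent explicit. The same applies to `kZeros` in the octet-string call if it is declared const (its declaration is outside the hunk). Separately, `EVP_MAC_init(hmac_ctx)` runs before `EVP_MAC_CTX_set_params(hmac_ctx, params)`, so the key and digest are supplied after initialisation; if that order is intentional it deserves a one-line comment, otherwise the parameters should be set first. TicketKeyCallback starts and ends outside this hunk.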
 
@@ -407,7 +409,6 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, 
uint8_t *iv,
   }
   return 1;
 }
-#endif
 
 // kCustomExtensionValue is the extension value that the custom extension
 // callbacks will add.
@@ -631,11 +632,9 @@ static bssl::UniquePtr SetupCtx(const TestConfig 
*config) {
   SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
   SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
   if (config->use_ticket_callback) {
-SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
+SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback);
   }
-#endif
 
   if (config->enable_client_custom_extension &&
   !SSL_CTX_add_client_custom_ext(
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
index b1a3fa3920..a37d010d7a 100644
--- a/test/ossl_shim/test_config.cc
+++ b/test/ossl_shim/test_config.cc
@@ -63,9 +63,7 @@ const Flag kBoolFlags[] = {
   { "-use-export-context", ::use_export_context },
   { "-expect-ticket-renewal", ::expect_ticket_renewal },
   { "-expect-no-session", ::expect_no_session },
-#ifndef OPENSSL_NO_DEPRECATED_3_0
   { "-use-ticket-callback", ::use_ticket_callback },
-#endif
   { "-renew-ticket", ::renew_ticket },
   { "-enable-client-custom-extension",
 ::enable_client_custom_extension },
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
index 653554d995..6968a128ca 100644
--- a/test/ossl_shim/test_config.h
+++ b/test/ossl_shim/test_config.h
@@ -62,9 +62,7 @@ struct TestConfig {
   bool use_export_context = false;
   bool expect_ticket_renewal = false;
   bool expect_no_session = false;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
   bool use_ticket_callback = false;
-#endif
   bool renew_ticket = false;
   bool enable_client_custom_extension = false;
   bool enable_server_custom_extension = false;


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io

2020-05-27 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-posix-io

Commit log since last time:

93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, 
export, and document it
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and 
X509_PUBKEY_get0_param()
5606922c3d PROV: Fix RSA-OAEP memory leak
b808665265 Update core_names.h fields and document most fields.
f32af93c92 Fix ERR_print_errors so that it matches the documented format in 
doc/man3/ERR_error_string.pod
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback 
option.
bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK)
b394809c87 Update the gost-engine submodule
3f5ea7dc0c Fix omissions in providers/common/der/build.info
8069bf5854 Drop special case of time interval calculation for VMS
2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS"
e919166927 Fix auto-gen names in .gitignore
f7201301ef s_client: Fix -proxy flag regression

Build log ended with (last 100 lines):

rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 
doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 
doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 
doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 
doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 
doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 
doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 
doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 
doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 
doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 
doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 
doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 
doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 
doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 
doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 
doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 
doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma
 n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 
doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 
doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 
doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 
doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 
doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 
doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 
doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 
doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 
doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 
doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 
doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 
doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 
doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 
doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 
doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/
 ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 
doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 
doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 
doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 
doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 
doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 
doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 
doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 
doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 
doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 
doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 
doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 
doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 
doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 
doc/man/man3/BIO_should_retry.3 doc/man/man
 3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 
doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 
doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 
doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 
doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 
doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 
doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 
doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 
doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 
doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 
doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 
doc/man/man3/CMS_encrypt.3 

Still Failing: openssl/openssl#35019 (master - 4f65bc6)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35019
Status: Still Failing

Duration: 48 mins and 17 secs
Commit: 4f65bc6 (master)
Author: Pauli
Message: fips: add AES OFB mode ciphers to FIPS provider.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/11908)

View the changeset: 
https://github.com/openssl/openssl/compare/77286fe3ec6b...4f65bc6f8fc4

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/691933758?utm_medium=notification_source=email




[openssl] master update

2020-05-27 Thread Dr . Paul Dale
The branch master has been updated
   via  4f65bc6f8fc4464631a93002d99f61a4a75b4552 (commit)
   via  0839afa747cd0e0ef35179ed49dfd4a481fcc918 (commit)
  from  77286fe3ec6b9777934e67e35f3b7007143b0734 (commit)


- Log -
commit 4f65bc6f8fc4464631a93002d99f61a4a75b4552
Author: Pauli 
Date:   Sat May 23 10:20:46 2020 +1000

fips: add AES OFB mode ciphers to FIPS provider.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/11908)

commit 0839afa747cd0e0ef35179ed49dfd4a481fcc918
Author: Pauli 
Date:   Fri May 22 19:30:52 2020 +1000

fips: add AES CFB mode ciphers to FIPS provider.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/11908)

---

Summary of changes:
 providers/fips/fipsprov.c | 12 
 test/recipes/30-test_evp_data/evpciph.txt | 48 ---
 2 files changed, 12 insertions(+), 48 deletions(-)

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index bbf95b7505..31217202f2 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -390,6 +390,18 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ALG("AES-256-CBC", aes256cbc_functions),
 ALG("AES-192-CBC", aes192cbc_functions),
 ALG("AES-128-CBC", aes128cbc_functions),
+ALG("AES-256-OFB", aes256ofb_functions),
+ALG("AES-192-OFB", aes192ofb_functions),
+ALG("AES-128-OFB", aes128ofb_functions),
+ALG("AES-256-CFB", aes256cfb_functions),
+ALG("AES-192-CFB", aes192cfb_functions),
+ALG("AES-128-CFB", aes128cfb_functions),
+ALG("AES-256-CFB1", aes256cfb1_functions),
+ALG("AES-192-CFB1", aes192cfb1_functions),
+ALG("AES-128-CFB1", aes128cfb1_functions),
+ALG("AES-256-CFB8", aes256cfb8_functions),
+ALG("AES-192-CFB8", aes192cfb8_functions),
+ALG("AES-128-CFB8", aes128cfb8_functions),
 ALG("AES-256-CTR", aes256ctr_functions),
 ALG("AES-192-CTR", aes192ctr_functions),
 ALG("AES-128-CTR", aes128ctr_functions),
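Review bot: Twelve OFB, CFB, CFB1 and CFB8 entries are added to `fips_ciphers[]`, but the part of the evpciph.txt change visible in this message only lifts `Availablein = default` from AES-128-CFB and AES-192-CFB vectors, and the message is cut off after that. It is worth confirming that the CFB1, CFB8 and OFB vectors for all three key sizes also run against the FIPS provider, so that every newly exposed mode is exercised there. The array definition starts and ends outside the hunk.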
diff --git a/test/recipes/30-test_evp_data/evpciph.txt 
b/test/recipes/30-test_evp_data/evpciph.txt
index 4d7f9f0d94..4f7afd0e1d 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -259,7 +259,6 @@ Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B
 #   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
 # CFB128-AES128.Encrypt
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -267,7 +266,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 3B3FD92EB72DAD20333449F8E83CFB4A
 Operation = ENCRYPT
@@ -275,7 +273,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B
 Operation = ENCRYPT
@@ -283,7 +280,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 26751F67A3CBB140B1808CF187A4F4DF
 Operation = ENCRYPT
@@ -292,7 +288,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6
 
 # CFB128-AES128.Decrypt
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -300,7 +295,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 3B3FD92EB72DAD20333449F8E83CFB4A
 Operation = DECRYPT
@@ -308,7 +302,6 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B
 Operation = DECRYPT
@@ -316,7 +309,6 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF
 
 Cipher = AES-128-CFB
-Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 26751F67A3CBB140B1808CF187A4F4DF
 Operation = DECRYPT
@@ -325,7 +317,6 @@ Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6
 
 # CFB128-AES192.Encrypt
 Cipher = AES-192-CFB
-Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -333,7 +324,6 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
 
 Cipher = AES-192-CFB
-Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 

Failed: openssl/openssl#35017 (master - 77286fe)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35017
Status: Failed

Duration: 51 mins and 5 secs
Commit: 77286fe (master)
Author: Bernd Edlinger
Message: Avoid undefined behavior with unaligned accesses

Fixes: #4983

[extended tests]

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/6074)

View the changeset: 
https://github.com/openssl/openssl/compare/c74aaa3920f1...77286fe3ec6b

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/691858288?utm_medium=notification_source=email




[openssl] OpenSSL_1_1_1-stable update

2020-05-27 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  d03ffeaf45da6541875bff05b3f79d8dba355c97 (commit)
  from  efdfc392aac6d56fe385223cd26687fa26ca9af3 (commit)


- Log -
commit d03ffeaf45da6541875bff05b3f79d8dba355c97
Author: Bernd Edlinger 
Date:   Tue Apr 24 21:10:13 2018 +0200

Avoid undefined behavior with unaligned accesses

Fixes: #4983

[extended tests]

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/11781)

---

Summary of changes:
 .travis.yml|  6 +++---
 crypto/aes/aes_ige.c   | 14 +-
 crypto/ec/ecp_nistp224.c   |  9 +
 crypto/ec/ecp_nistp521.c   | 33 +
 crypto/modes/cbc128.c  | 19 ++-
 crypto/modes/ccm128.c  | 22 --
 crypto/modes/cfb128.c  | 18 +-
 crypto/modes/ctr128.c  | 11 +--
 crypto/modes/gcm128.c  | 22 ++
 crypto/modes/modes_local.h | 12 ++--
 crypto/modes/ofb128.c  | 11 +--
 crypto/modes/xts128.c  | 24 
 crypto/whrlpool/wp_block.c | 32 +++-
 13 files changed, 158 insertions(+), 75 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index fe1b0f78fa..6cf1ba02c0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -57,7 +57,7 @@ matrix:
   apt:
   packages:
   - clang-6.0
-  env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 
enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared 
enable-buildtest-c++ -fno-sanitize=alignment 
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES 
-Wno-unused-command-line-argument" MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0"
+  env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 
enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared 
enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
-D__NO_STRING_INLINES -Wno-unused-command-line-argument" 
MATRIX_EVAL="CC=clang-6.0 && CXX=clang++-6.0"
 - os: linux
   arch: s390x
   compiler: gcc
@@ -121,7 +121,7 @@ matrix:
   env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan 
-D__NO_STRING_INLINES -Wno-unused-command-line-argument"
 - os: linux
   compiler: clang
-  env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan 
enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg 
no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
-D__NO_STRING_INLINES -Wno-unused-command-line-argument"
+  env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan 
enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg 
no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES 
-Wno-unused-command-line-argument"
 - os: linux
   compiler: clang
   env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 
enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
-D__NO_STRING_INLINES -Wno-unused-command-line-argument"
@@ -134,7 +134,7 @@ matrix:
   sources:
   - ubuntu-toolchain-r-test
   compiler: gcc-5
-  env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug 
no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0
+  env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug 
no-asm enable-asan enable-ubsan enable-rc5 enable-md2 
enable-ec_nistp_64_gcc_128" OPENSSL_TEST_RAND_ORDER=0
 - os: linux
   addons:
   apt:
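Review bot: The gcc-5 job's CONFIG_OPTS drops `-DPEDANTIC` while adding `enable-asan` and `enable-ec_nistp_64_gcc_128`, so unless another job in the matrix still passes `-DPEDANTIC`, the pedantic build loses CI coverage. If the flag had to go because the newly enabled 64-bit nistp code cannot be built pedantically, a comment on the job saying so would keep the reason from being lost. The same substitution appears in the gcc job of the master-branch copy of this change further down the page.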
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index dce4ef11be..0df04b3bb2 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -12,11 +12,6 @@
 #include 
 #include "aes_local.h"
 
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
-unsigned long data[N_WORDS];
-} aes_block_t;
-
 /* XXX: probably some better way to do this */
 #if defined(__i386__) || defined(__x86_64__)
 # define UNALIGNED_MEMOPS_ARE_FAST 1
@@ -24,6 +19,15 @@ typedef struct {
 # define UNALIGNED_MEMOPS_ARE_FAST 0
 #endif
 
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+unsigned long data[N_WORDS];
+#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST
+} aes_block_t __attribute((__aligned__(1)));
+#else
+} aes_block_t;
+#endif
+
 #if UNALIGNED_MEMOPS_ARE_FAST
 # define load_block(d, s)(d) = *(const aes_block_t *)(s)
 # define store_block(d, s)   *(aes_block_t *)(d) = (s)
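Review bot: The `__aligned__(1)` attribute is applied only when `__GNUC__` is defined, but `load_block` and `store_block` still use the pointer-cast form whenever `UNALIGNED_MEMOPS_ARE_FAST` is 1. A compiler that defines `__i386__` or `__x86_64__` without `__GNUC__` therefore keeps dereferencing a possibly misaligned `aes_block_t *`, which is the undefined behaviour the commit sets out to remove. Folding the compiler test into the macro, e.g. `#if (defined(__i386__) || defined(__x86_64__)) && defined(__GNUC__)`, would send such compilers to the `#else` definitions of these macros (outside the hunk). The attribute also changes only the alignment assumption; the cast from a byte buffer is still a type-punned access, which GCC's `__may_alias__` attribute exists to cover. The identical hunk in the master-branch copy further down the page has the same gap.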
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 9a9ced8f13..6f7d66c8be 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -72,6 +72,7 @@ 

[openssl] master update

2020-05-27 Thread bernd . edlinger
The branch master has been updated
   via  77286fe3ec6b9777934e67e35f3b7007143b0734 (commit)
  from  c74aaa3920f116fe4c1003153838144c37d6e527 (commit)


- Log -
commit 77286fe3ec6b9777934e67e35f3b7007143b0734
Author: Bernd Edlinger 
Date:   Tue Apr 24 21:10:13 2018 +0200

Avoid undefined behavior with unaligned accesses

Fixes: #4983

[extended tests]

Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/6074)

---

Summary of changes:
 .travis.yml|  4 ++--
 crypto/aes/aes_ige.c   | 14 +-
 crypto/ec/ecp_nistp224.c   |  9 +
 crypto/ec/ecp_nistp521.c   | 33 +
 crypto/modes/cbc128.c  | 19 ++-
 crypto/modes/ccm128.c  | 22 --
 crypto/modes/cfb128.c  | 18 +-
 crypto/modes/ctr128.c  | 11 +--
 crypto/modes/gcm128.c  | 22 ++
 crypto/modes/ofb128.c  | 11 +--
 crypto/modes/xts128.c  | 24 
 crypto/whrlpool/wp_block.c | 32 +++-
 12 files changed, 147 insertions(+), 72 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 65cf6b10a9..bc28ac7adf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -103,10 +103,10 @@ jobs:
   env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan disable-afalgeng 
-Wno-unused-command-line-argument"
 - os: linux
   compiler: clang
-  env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan 
enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg 
no-shared enable-buildtest-c++ -fno-sanitize=alignment 
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" 
CXX="clang++"
+  env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan 
enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg 
no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
-Wno-unused-command-line-argument" CXX="clang++"
 - os: linux
   compiler: gcc
-  env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan 
enable-rc5 enable-md2 enable-buildtest-c++ -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0
+  env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan 
enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 
enable-buildtest-c++" OPENSSL_TEST_RAND_ORDER=0
 - os: linux
   dist: xenial
   addons:
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index 51119186de..bbe9bcd4f8 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -18,11 +18,6 @@
 #include 
 #include "aes_local.h"
 
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
-unsigned long data[N_WORDS];
-} aes_block_t;
-
 /* XXX: probably some better way to do this */
 #if defined(__i386__) || defined(__x86_64__)
 # define UNALIGNED_MEMOPS_ARE_FAST 1
@@ -30,6 +25,15 @@ typedef struct {
 # define UNALIGNED_MEMOPS_ARE_FAST 0
 #endif
 
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+unsigned long data[N_WORDS];
+#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST
+} aes_block_t __attribute((__aligned__(1)));
+#else
+} aes_block_t;
+#endif
+
 #if UNALIGNED_MEMOPS_ARE_FAST
 # define load_block(d, s)(d) = *(const aes_block_t *)(s)
 # define store_block(d, s)   *(aes_block_t *)(d) = (s)
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 1808c4c76c..2b665842c7 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -75,6 +75,7 @@ typedef uint64_t u64;
  */
 
 typedef uint64_t limb;
+typedef uint64_t limb_aX __attribute((__aligned__(1)));
 typedef uint128_t widelimb;
 
 typedef limb felem[4];
@@ -311,10 +312,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
  */
 static void bin28_to_felem(felem out, const u8 in[28])
 {
-out[0] = *((const uint64_t *)(in)) & 0x00ff;
-out[1] = (*((const uint64_t *)(in + 7))) & 0x00ff;
-out[2] = (*((const uint64_t *)(in + 14))) & 0x00ff;
-out[3] = (*((const uint64_t *)(in+20))) >> 8;
+out[0] = *((const limb *)(in)) & 0x00ff;
+out[1] = (*((const limb_aX *)(in + 7))) & 0x00ff;
+out[2] = (*((const limb_aX *)(in + 14))) & 0x00ff;
+out[3] = (*((const limb_aX *)(in + 20))) >> 8;
 }
 
 static void felem_to_bin28(u8 out[28], const felem in)
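Review bot: In `bin28_to_felem` the first load still goes through `const limb *`, so it keeps the 8-byte alignment assumption that the other three loads drop by using `limb_aX`. The parameter is `const u8 in[28]`, which guarantees no such alignment, so unless every caller passes an aligned buffer this read has the same undefined behaviour as before. Casting to `const limb_aX *` in the `out[0]` line, with the existing mask unchanged, would make the four loads consistent. If the aligned load is deliberate, a comment stating the caller contract is needed.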
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 28e048ede9..0e7f1dae3b 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -131,6 +131,7 @@ static const felem_bytearray nistp521_curve_params[5] = {
 #define NLIMBS 9
 
 typedef uint64_t limb;
+typedef limb limb_aX __attribute((__aligned__(1)));
 typedef limb felem[NLIMBS];
 typedef 

Errored: openssl/openssl#35012 (master - c74aaa3)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35012
Status: Errored

Duration: 17 mins and 30 secs
Commit: c74aaa3 (master)
Author: Dr. David von Oheimb
Message: Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() 
to EVP_PKEY_parameters_eq()

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11953)

View the changeset: 
https://github.com/openssl/openssl/compare/9e3c510bde91...c74aaa3920f1

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/691721841?utm_medium=notification_source=email




[openssl] master update

2020-05-27 Thread dev
The branch master has been updated
   via  c74aaa3920f116fe4c1003153838144c37d6e527 (commit)
  from  9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit)


- Log -
commit c74aaa3920f116fe4c1003153838144c37d6e527
Author: Dr. David von Oheimb 
Date:   Mon May 25 13:17:51 2020 +0200

Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to 
EVP_PKEY_parameters_eq()

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11953)

---

Summary of changes:
 crypto/evp/exchange.c  |  4 ++--
 crypto/evp/keymgmt_lib.c   |  4 ++--
 crypto/evp/p_lib.c | 16 -
 crypto/x509/x509_cmp.c |  2 +-
 crypto/x509/x509_req.c |  2 +-
 crypto/x509/x_pubkey.c |  2 +-
 doc/man3/EVP_PKEY_ASN1_METHOD.pod  |  4 ++--
 ...P_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} | 27 +++---
 include/openssl/evp.h  |  6 +
 ssl/ssl_rsa.c  |  2 +-
 test/evp_test.c|  2 +-
 util/libcrypto.num |  6 +++--
 12 files changed, 55 insertions(+), 22 deletions(-)
 rename doc/man3/{EVP_PKEY_cmp.pod => EVP_PKEY_copy_parameters.pod} (65%)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 26d7e1ce95..514ecd4039 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -368,13 +368,13 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY 
*peer)
 
 /*
  * For clarity.  The error is if parameters in peer are
- * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+ * present (!missing) but don't match.  EVP_PKEY_parameters_eq may return
  * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
  * (different key types) is impossible here because it is checked earlier.
  * -2 is OK for us here, as well as 1, so we can check for 0 only.
  */
 if (!EVP_PKEY_missing_parameters(peer) &&
-!EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+!EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
 return -1;
 }
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 54805d741d..a712233043 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -236,8 +236,8 @@ int evp_keymgmt_util_has(EVP_PKEY *pk, int selection)
  * but also in the operation cache to see if there's any common keymgmt that
  * supplies OP_keymgmt_match.
  *
- * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_cmp()
- * and EVP_PKEY_cmp_parameters() return, i.e.:
+ * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq()
+ * and EVP_PKEY_parameters_eq() return, i.e.:
  *
  *  1   same key
  *  0   not same key
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index d05f0f2cba..4670912588 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -156,7 +156,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY 
*from)
 }
 
 if (!EVP_PKEY_missing_parameters(to)) {
-if (EVP_PKEY_cmp_parameters(to, from) == 1)
+if (EVP_PKEY_parameters_eq(to, from) == 1)
 return 1;
 EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
 return 0;
@@ -272,7 +272,14 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const 
EVP_PKEY *b,
 return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection);
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+return EVP_PKEY_parameters_eq(a, b);
+}
+#endif
+
+int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b)
 {
 /*
  * TODO: clean up legacy stuff from this function when legacy support
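Review bot: `EVP_PKEY_parameters_eq` is introduced here without a comment stating its return contract, and the new name reads like a boolean predicate. The comment in the crypto/evp/exchange.c hunk lists the results as 1 (match), 0 (don't match), -1 (different key types) and -2 (comparison is not defined), so a caller writing `if (EVP_PKEY_parameters_eq(a, b))` would treat both negative results as a match. I would add above the definition `/* Returns 1 if equal, 0 if not, -1 on different key types, -2 if comparison is not defined; callers must test == 1 */`, and the same for `EVP_PKEY_eq` in the next hunk. Both function bodies continue outside their hunks.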
@@ -290,7 +297,14 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const 
EVP_PKEY *b)
 return -2;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+return EVP_PKEY_eq(a, b);
+}
+#endif
+
+int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b)
 {
 /*
  * TODO: clean up legacy stuff from this function when legacy support
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 05615c1e19..25f72e057e 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -300,7 +300,7 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
 xk = X509_get0_pubkey(x);
 
 if (xk)
-ret = EVP_PKEY_cmp(xk, k);
+ret = EVP_PKEY_eq(xk, k);
 else
 ret = -2;
 
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 639e8e47db..fcc07b17dd 100644
--- 

Failed: openssl/openssl#35009 (master - 9e3c510)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35009
Status: Failed

Duration: 43 mins and 50 secs
Commit: 9e3c510 (master)
Author: FdaSilvaYY
Message: crypto/cms: add CAdES-BES signed attributes validation

for signing certificate V2 and signing certificate extensions.

CAdES: lowercase name for now internal methods.

crypto/cms: generated file changes.

Add some CHANGES entries.

[extended tests]

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8098)

View the changeset: 
https://github.com/openssl/openssl/compare/f7f53d7d61bb...9e3c510bde91

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/691700411?utm_medium=notification_source=email




Errored: openssl/openssl#35007 (master - f7f53d7)

2020-05-27 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35007
Status: Errored

Duration: 55 mins and 52 secs
Commit: f7f53d7 (master)
Author: Richard Levitte
Message: PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP

Fixes #11904

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11959)

View the changeset: 
https://github.com/openssl/openssl/compare/e978ab7894e9...f7f53d7d61bb

View the full build log and details: 
https://travis-ci.org/github/openssl/openssl/builds/691690042?utm_medium=notification_source=email




[openssl] master update

2020-05-27 Thread tmraz
The branch master has been updated
   via  9e3c510bde91350c5a40b7ba4e9e0945895e9368 (commit)
  from  f7f53d7d61bba235b8babf4cf580114d74183e3e (commit)


- Log -
commit 9e3c510bde91350c5a40b7ba4e9e0945895e9368
Author: FdaSilvaYY 
Date:   Wed Jun 12 19:52:39 2019 +0200

crypto/cms: add CAdES-BES signed attributes validation

for signing certificate V2 and signing certificate extensions.

CAdES: lowercase name for now internal methods.

crypto/cms: generated file changes.

Add some CHANGES entries.

[extended tests]

Reviewed-by: Shane Lontis 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8098)

---

Summary of changes:
 CHANGES.md  |   9 +++
 apps/cms.c  |  13 -
 crypto/cms/cms_err.c|   4 ++
 crypto/cms/cms_ess.c|  92 +
 crypto/cms/cms_local.h  |   3 +
 crypto/cms/cms_smime.c  |  43 +++---
 crypto/err/openssl.txt  |   4 ++
 crypto/ess/build.info   |   9 ++-
 crypto/ess/ess_asn1.c   |  62 +++-
 crypto/ess/ess_err.c|   2 +-
 crypto/ess/ess_lib.c|  98 +--
 crypto/ts/ts_rsp_verify.c   |  93 ++
 doc/man1/openssl-cms.pod.in |  10 ++--
 doc/man3/CMS_verify.pod |  10 +++-
 include/crypto/cms.h|  10 +++-
 include/crypto/ess.h|   6 +-
 include/openssl/cmserr.h|   4 ++
 include/openssl/esserr.h|   3 +-
 test/recipes/80-test_cms.t  | 137 
 19 files changed, 462 insertions(+), 150 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index eb8659e9cf..10fd8d541d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,15 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX ]
 
+ * Add CAdES-BES signature verification support, mostly derived
+   from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein.
+
+   *Filipe Raimundo da Silva*
+
+ * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
+
+   *Antonio Iacono*
+
  * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These
functions are not widely used and now OpenSSL automatically perform this
conversion when needed.
diff --git a/apps/cms.c b/apps/cms.c
index 6b5577ecee..445fec5388 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -670,12 +670,18 @@ int cms_main(int argc, char **argv)
 goto opthelp;
 }
 
-if (flags & CMS_CADES) {
-if (flags & CMS_NOATTR) {
+if ((flags & CMS_CADES) != 0) {
+if ((flags & CMS_NOATTR) != 0) {
 BIO_puts(bio_err, "Incompatible options: "
  "CAdES required signed attributes\n");
 goto opthelp;
 }
+if (operation == SMIME_VERIFY
+&& (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) 
!= 0) {
+BIO_puts(bio_err, "Incompatible options: CAdES validation require"
+ " certs and signed attributes validations\n");
+goto opthelp;
+}
 }
 
 if (operation & SMIME_SIGNERS) {
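Review bot: The added `operation == SMIME_VERIFY` guard rejects `CMS_NO_SIGNER_CERT_VERIFY` and `CMS_NO_ATTR_VERIFY` together with `CMS_CADES` only in the command-line tool. Whether `CMS_verify()` refuses the same combination for API callers is not visible in this hunk and should be confirmed in the library change, since otherwise a CAdES verification could still be requested with certificate or attribute checks switched off. The new message also has a grammar slip; I would write `"Incompatible options: CAdES validation requires"` followed by `" certificate and signed attribute validation\n"`. `cms_main` starts and ends outside the hunk.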
@@ -1115,7 +1121,8 @@ int cms_main(int argc, char **argv)
 goto end;
 } else if (operation == SMIME_VERIFY) {
 if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
-BIO_printf(bio_err, "Verification successful\n");
+BIO_printf(bio_err, "%s Verification successful\n",
+   (flags & CMS_CADES) ? "CAdES" : "CMS");
 } else {
 BIO_printf(bio_err, "Verification failure\n");
 if (verify_retcode)
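Review bot: The new `(flags & CMS_CADES) ? "CAdES" : "CMS"` test uses bare truthiness, while the earlier hunk of this same commit rewrites the same flag test to `(flags & CMS_CADES) != 0`; for consistency this should read `(flags & CMS_CADES) != 0 ? "CAdES" : "CMS"`. The failure branch still prints an unprefixed `Verification failure`, so success and failure output are no longer symmetric, which deserves a deliberate decision if anything parses this output. The enclosing `else if` chain continues outside the hunk.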
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
index 526d77357e..16e25afc7f 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -52,6 +52,10 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
 "error setting recipientinfo"},
+{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE),
+"ess no signing certid attribute"},
+{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR),
+"ess signing certid mismatch error"},
 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
 "invalid encrypted key length"},
 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 3901074033..e3604f7db8 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -21,6 +21,9 @@
 
 DEFINE_STACK_OF(GENERAL_NAMES)
 DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(ESS_CERT_ID)
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+DEFINE_STACK_OF(X509)
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
@@ -29,33 +32,100 @@ 

FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

2020-05-27 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, 
export, and document it
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and 
X509_PUBKEY_get0_param()
5606922c3d PROV: Fix RSA-OAEP memory leak
b808665265 Update core_names.h fields and document most fields.
f32af93c92 Fix ERR_print_errors so that it matches the documented format in 
doc/man3/ERR_error_string.pod
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback 
option.
bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK)
b394809c87 Update the gost-engine submodule
3f5ea7dc0c Fix omissions in providers/common/der/build.info
8069bf5854 Drop special case of time interval calculation for VMS
2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS"
e919166927 Fix auto-gen names in .gitignore
f7201301ef s_client: Fix -proxy flag regression

Build log ended with (last 100 lines):

65-test_cmp_msg.t .. ok
65-test_cmp_protect.t .. ok
65-test_cmp_server.t ... ok
65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report
---
04-test_err.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=198, Tests=1914, 696 

[openssl] master update

2020-05-27 Thread Richard Levitte
The branch master has been updated
   via  f7f53d7d61bba235b8babf4cf580114d74183e3e (commit)
  from  e978ab7894e966579fcd372d7cba9e051ba90150 (commit)


- Log -
commit f7f53d7d61bba235b8babf4cf580114d74183e3e
Author: Richard Levitte 
Date:   Tue May 26 10:05:01 2020 +0200

PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP

Fixes #11904

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/11959)

---

Summary of changes:
 crypto/rsa/rsa_local.h  |  7 ---
 include/crypto/rsa.h|  7 +++
 providers/implementations/asymciphers/rsa_enc.c | 12 +++-
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index f94fc79cdd..65fd6022f7 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -187,12 +187,5 @@ int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX 
*libctx,
  unsigned char *to, int tlen,
  const unsigned char *from,
  int flen);
-int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
-unsigned char *to, int tlen,
-const unsigned char *from,
-int flen,
-const unsigned char *param,
-int plen, const EVP_MD *md,
-const EVP_MD *mgf1md);
 
 #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 6f32ec422f..5d7a6e515d 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -69,6 +69,13 @@ int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, 
unsigned char *to,
size_t tlen, const unsigned char *from,
size_t flen, int client_version,
int alt_version);
+int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
+unsigned char *to, int tlen,
+const unsigned char *from,
+int flen,
+const unsigned char *param,
+int plen, const EVP_MD *md,
+const EVP_MD *mgf1md);
 
 int rsa_validate_public(const RSA *key);
 int rsa_validate_private(const RSA *key);
diff --git a/providers/implementations/asymciphers/rsa_enc.c 
b/providers/implementations/asymciphers/rsa_enc.c
index 1f9ded4a65..db89de8a26 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -138,11 +138,13 @@ static int rsa_encrypt(void *vprsactx, unsigned char 
*out, size_t *outlen,
 PROVerr(0, ERR_R_INTERNAL_ERROR);
 return 0;
 }
-ret = RSA_padding_add_PKCS1_OAEP_mgf1(tbuf, rsasize, in, inlen,
-  prsactx->oaep_label,
-  prsactx->oaep_labellen,
-  prsactx->oaep_md,
-  prsactx->mgf1_md);
+ret =
+rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(prsactx->libctx, tbuf,
+rsasize, in, inlen,
+prsactx->oaep_label,
+prsactx->oaep_labellen,
+prsactx->oaep_md,
+prsactx->mgf1_md);
 
 if (!ret) {
 OPENSSL_free(tbuf);
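Review bot: `rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx()` takes `int tlen` and `int flen` (see the prototype moved to include/crypto/rsa.h in this commit), but the call passes `rsasize` and `inlen` with no range check visible in the hunk. The declaration of `inlen` is cut off in the hunk header; if it is a `size_t` like the visible `size_t *outlen`, a value above `INT_MAX` is silently narrowed before the padding code sees it. A guard ahead of the buffer allocation, `if (inlen > INT_MAX) { PROVerr(0, ERR_R_INTERNAL_ERROR); return 0; }`, would make the limit explicit. `rsa_encrypt` starts and ends outside the hunk, so the allocation and any existing length check are not visible here.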


Build completed: openssl OpenSSL_1_1_1-stable.34447

2020-05-27 Thread AppVeyor


Build openssl OpenSSL_1_1_1-stable.34447 completed



Commit 7897487ffa by Patrick Steuer on 11/15/2019 10:27 PM:

AES CTR-DRGB: performance improvement





SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec

2020-05-27 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec

Commit log since last time:

93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, 
export, and document it
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and 
X509_PUBKEY_get0_param()
5606922c3d PROV: Fix RSA-OAEP memory leak
b808665265 Update core_names.h fields and document most fields.
f32af93c92 Fix ERR_print_errors so that it matches the documented format in 
doc/man3/ERR_error_string.pod
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback 
option.
bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK)
b394809c87 Update the gost-engine submodule
3f5ea7dc0c Fix omissions in providers/common/der/build.info
8069bf5854 Drop special case of time interval calculation for VMS
2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS"
e919166927 Fix auto-gen names in .gitignore
f7201301ef s_client: Fix -proxy flag regression


Build failed: openssl master.34446

2020-05-27 Thread AppVeyor



Build openssl master.34446 failed


Commit 76d783cb09 by Shane Lontis on 5/27/2020 6:40 AM:

fixup! Fix RSA oaep in fips mode





SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa

2020-05-27 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dsa

Commit log since last time:

93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, 
export, and document it
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and 
X509_PUBKEY_get0_param()
5606922c3d PROV: Fix RSA-OAEP memory leak
b808665265 Update core_names.h fields and document most fields.
f32af93c92 Fix ERR_print_errors so that it matches the documented format in 
doc/man3/ERR_error_string.pod
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback 
option.
bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK)
b394809c87 Update the gost-engine submodule
3f5ea7dc0c Fix omissions in providers/common/der/build.info
8069bf5854 Drop special case of time interval calculation for VMS
2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS"
e919166927 Fix auto-gen names in .gitignore
f7201301ef s_client: Fix -proxy flag regression


Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram

2020-05-27 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dgram

Commit log since last time:

93f99b681a Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, 
export, and document it
7674e92324 Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and 
X509_PUBKEY_get0_param()
5606922c3d PROV: Fix RSA-OAEP memory leak
b808665265 Update core_names.h fields and document most fields.
f32af93c92 Fix ERR_print_errors so that it matches the documented format in 
doc/man3/ERR_error_string.pod
1bdd86fb1c ossl_shim: add deprecation guards around the -use-ticket-callback 
option.
bbc3c22c0e Coverity 1463830: Resource leaks (RESOURCE_LEAK)
b394809c87 Update the gost-engine submodule
3f5ea7dc0c Fix omissions in providers/common/der/build.info
8069bf5854 Drop special case of time interval calculation for VMS
2bd928a1bf Revert "Guard use of struct tms with #ifdef __TMS"
e919166927 Fix auto-gen names in .gitignore
f7201301ef s_client: Fix -proxy flag regression

Build log ended with (last 100 lines):

65-test_cmp_server.t ... ok
65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . skipped: DTLSv1 is not supported by this 
OpenSSL build
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . skipped: No DTLS protocols are supported 
by this OpenSSL build
80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK 
support enabled
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/31 subtests 
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report