Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/ma n/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man 3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ad178c15a112d10380a6446127b069270af666de (commit) from 8354f53d40781630eb4caa1a2ce31eca5296aa29 (commit) - Log - commit ad178c15a112d10380a6446127b069270af666de Author: Benjamin Kaduk Date: Thu May 28 14:34:10 2020 -0700 Fix a typo in SSL_CTX_set_session_ticket_cb.pod "SSL" takes two esses, not three. [skip ci] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12038) (cherry picked from commit 09527c493596060544bda92ecd0d8ef40a366c5e) --- Summary of changes: doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index f3dfb62c23..99d2f29ac6 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,7 +177,7 @@ L =head1 HISTORY -The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT
[openssl] master update
The branch master has been updated via 09527c493596060544bda92ecd0d8ef40a366c5e (commit) from 7b2d995ed79f0653defd682e5097ed937f4cabbc (commit) - Log - commit 09527c493596060544bda92ecd0d8ef40a366c5e Author: Benjamin Kaduk Date: Thu May 28 14:34:10 2020 -0700 Fix a typo in SSL_CTX_set_session_ticket_cb.pod "SSL" takes two esses, not three. [skip ci] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12038) --- Summary of changes: doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 8cdb88cc55..2a9576e259 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,7 +177,7 @@ L =head1 HISTORY -The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_msg.t .. ok 65-test_cmp_protect.t .. ok 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 04-test_err.t(Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 732 wallclock secs ( 8.09 usr 1.73 sys + 695.28
[openssl] master update
The branch master has been updated via 7b2d995ed79f0653defd682e5097ed937f4cabbc (commit) via 7fa2b2673edd684ceb94ff19346f08121da9774f (commit) via 11391da217b5d07dd30dd4c1890b5320fa56be18 (commit) via 6a9bd9298bd706e3a4a40ecfa1d89f65f8592c65 (commit) from 0d52ede71685e4176999cc5e52000dcb540747fc (commit) - Log - commit 7b2d995ed79f0653defd682e5097ed937f4cabbc Author: Matt Caswell Date: Tue Jun 2 08:57:26 2020 +0100 Don't downgrade keys in libssl We were downgrading to legacy keys at various points in libssl in order to get or set an encoded point. Now that the encoded point functions work with provided keys this is no longer necessary. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 7fa2b2673edd684ceb94ff19346f08121da9774f Author: Matt Caswell Date: Thu May 21 11:36:21 2020 +0100 When asked if an ECX key has parameters we should answer "true" An ECX key doesn't have any parameters associated with it. Therefore it always has all the parameters it needs, and the "has" function should return 1 if asked about parameters. Without this EVP_PKEY_missing_parameters() fails for ECX keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 11391da217b5d07dd30dd4c1890b5320fa56be18 Author: Matt Caswell Date: Thu May 21 11:33:53 2020 +0100 Always create a key when importing Even if there is no data to import we should still create an empty key. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 6a9bd9298bd706e3a4a40ecfa1d89f65f8592c65 Author: Matt Caswell Date: Wed May 20 16:20:27 2020 +0100 Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present which isn't the case for provided keys. Support has been added to dh, ec and ecx keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) --- Summary of changes: crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_key.c| 40 ++ crypto/dh/dh_local.h | 3 - crypto/evp/keymgmt_lib.c | 14 ++-- crypto/evp/p_lib.c| 39 ++ doc/man7/EVP_PKEY-DH.pod | 5 ++ doc/man7/EVP_PKEY-EC.pod | 5 ++ doc/man7/EVP_PKEY-X25519.pod | 5 ++ include/crypto/dh.h | 3 + include/openssl/core_names.h | 1 + providers/implementations/keymgmt/dh_kmgmt.c | 38 + providers/implementations/keymgmt/ec_kmgmt.c | 31 providers/implementations/keymgmt/ecx_kmgmt.c | 107 -- ssl/statem/extensions_clnt.c | 31 ssl/statem/extensions_srvr.c | 30 ssl/statem/statem_clnt.c | 30 ssl/statem/statem_srvr.c | 29 --- ssl/t1_lib.c | 11 --- test/evp_pkey_provided_test.c | 3 +- 19 files changed, 261 insertions(+), 166 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d93d519444..d5e5f72517 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -438,7 +438,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: -return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2); +return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: return -2; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1893b487ca..5d2acca25c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -351,10 +351,10 @@ err: return 0; } -size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out) +size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc) { const BIGNUM *pubkey; -unsigned char *pbuf; +unsigned char *pbuf = NULL; const BIGNUM *p; int p_size; @@ -366,19 +366,29 @@ size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out) DHerr(DH_F_DH_KEY2BUF, DH_R_INVALID_PUBKEY); return 0; } -if ((pbuf = OPENSSL_malloc(p_size)) == NULL) { -DHerr(DH_F_DH_KEY2BUF, ERR_R_MALLOC_FAILURE); -return 0; -} -/* - * As per Section 4.2.8.1 of RFC 8446 left pad public - * key with zeros to the size of p - */ -if (BN_bn2binpad(pubkey, pbuf, p_size) < 0) { -OPENSSL_free(pbuf); -
[openssl] master update
The branch master has been updated via 0d52ede71685e4176999cc5e52000dcb540747fc (commit) via b38425393c76ff31560d6b0bdb0b097e7d93ffc4 (commit) via 3cd69b7458f1dfa274d4d8fe1a46a35d91e9008c (commit) via d01d375264e73f49a416409e2f8febe88ad39c8a (commit) via 5f603a280ca71b7136861b9bc408f37fd1c4e0d7 (commit) via 263ff2c9d4c88f19133d21d9956d71edd7401d54 (commit) from eca471391378139f76a7d1229b6a5a1dcc4b5603 (commit) - Log - commit 0d52ede71685e4176999cc5e52000dcb540747fc Author: Matt Caswell Date: Wed May 13 14:45:36 2020 +0100 Fix error path in int create_ssl_ctx_pair() If we hit the error path and create_ssl_ctx_pair has been passed a pre-created SSL_CTX then we could end up with a double free. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit b38425393c76ff31560d6b0bdb0b097e7d93ffc4 Author: Matt Caswell Date: Fri May 8 16:43:14 2020 +0100 Implement a test for sigalgs not being present If sigalgs are not present we should not offer or accept them. We should test that we handle this correctly. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 3cd69b7458f1dfa274d4d8fe1a46a35d91e9008c Author: Matt Caswell Date: Mon May 4 16:26:07 2020 +0100 Implement a Filtering Provider The filtering provider can be used to place a filter in front of the default provider. Initially to filter out certain algorithms from being available for test purposes. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit d01d375264e73f49a416409e2f8febe88ad39c8a Author: Matt Caswell Date: Fri May 8 16:44:02 2020 +0100 Implement OSSL_PROVIDER_get0_provider_ctx() Implement a function which enables us to get hold of the provider ctx for a loaded provider. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 5f603a280ca71b7136861b9bc408f37fd1c4e0d7 Author: Matt Caswell Date: Mon May 4 15:28:15 2020 +0100 Enable applications to directly call a provider's query operation This is useful to get hold of the low-level dispatch tables. This could be used to create a new provider based on an existing one. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 263ff2c9d4c88f19133d21d9956d71edd7401d54 Author: Matt Caswell Date: Fri May 1 17:41:25 2020 +0100 Check that Signature Algorithms are available before using them We should confirm that Signature Algorithms are actually available through the loaded providers before we offer or select them. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) --- Summary of changes: crypto/provider.c | 13 +++ crypto/provider_core.c | 8 ++ doc/man3/OSSL_PROVIDER.pod | 23 + include/internal/provider.h | 1 + include/openssl/provider.h | 5 ++ ssl/ssl_lib.c | 6 ++ ssl/ssl_local.h | 6 ++ ssl/t1_lib.c| 149 ++--- test/build.info | 2 +- test/filterprov.c | 199 test/sslapitest.c | 160 +-- test/ssltestlib.c | 6 +- util/libcrypto.num | 2 + 13 files changed, 525 insertions(+), 55 deletions(-) create mode 100644 test/filterprov.c diff --git a/crypto/provider.c b/crypto/provider.c index 13438cefe3..02002a5f95 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -57,6 +57,19 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return ossl_provider_get_params(prov, params); } + +const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, +int operation_id, +int *no_cache) +{ +return ossl_provider_query_operation(prov, operation_id, no_cache); +} + +void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) +{ +return ossl_provider_prov_ctx(prov); +} + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, OSSL_provider_init_fn *init_fn) { diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 8b868fdb6b..f7af51a297 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -787,6 +787,14 @@ const char *ossl_provider_module_path(const OSSL_PROVIDER *prov) #endif } +void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov) +{ +if (prov != NULL) +return prov->provctx; + +return NULL; +} +
Build failed: openssl master.34722
Build openssl master.34722 failed Commit 4430c9175e by xiaofen on 5/31/2020 1:24 PM: speed up sm2 sign/verify Configure your notification preferences
Fixed: openssl/openssl#35274 (master - eca4713)
Build Update for openssl/openssl - Build: #35274 Status: Fixed Duration: 42 mins and 23 secs Commit: eca4713 (master) Author: Richard Levitte Message: APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12023) View the changeset: https://github.com/openssl/openssl/compare/987e3a0eed18...eca471391378 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694936484?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Fixed: openssl/openssl#35272 (master - 987e3a0)
Build Update for openssl/openssl - Build: #35272 Status: Fixed Duration: 53 mins and 47 secs Commit: 987e3a0 (master) Author: Dr. David von Oheimb Message: Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12026) View the changeset: https://github.com/openssl/openssl/compare/b1c21b27dce8...987e3a0eed18 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694928626?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated via eca471391378139f76a7d1229b6a5a1dcc4b5603 (commit) from 987e3a0eed18a857062df6ae28671feb8929b560 (commit) - Log - commit eca471391378139f76a7d1229b6a5a1dcc4b5603 Author: Richard Levitte Date: Wed Jun 3 10:49:50 2020 +0200 APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12023) --- Summary of changes: CHANGES.md | 6 NEWS.md | 1 + apps/openssl.c | 97 +--- doc/man1/openssl.pod | 6 +++- 4 files changed, 20 insertions(+), 90 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index acb4c904bb..39088d1bc7 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,12 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * Dropped interactive mode from the 'openssl' program. From now on, + the `openssl` command without arguments is equivalent to `openssl + help`. + + *Richard Levitte* + * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq(). While the old function names have been retained for backward compatibility diff --git a/NEWS.md b/NEWS.md index c09e9599a4..29fb641d26 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in the FIPS provider. None have the "fips=yes" property set and, as such, will not be accidentially used. diff --git a/apps/openssl.c b/apps/openssl.c index 6265bffa67..7b0ccbcc09 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -30,9 +30,6 @@ #include "apps.h" #include "progs.h" -/* Special sentinel to exit the program. */ -#define EXIT_THE_PROGRAM (-1) - /* * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with * the base prototypes (we cast each variable inside the function to the @@ -212,11 +209,9 @@ int main(int argc, char *argv[]) { FUNCTION f, *fp; LHASH_OF(FUNCTION) *prog = NULL; -char *p, *pname; -char buf[1024]; -const char *prompt; +char *pname; ARGS arg; -int first, n, i, ret = 0; +int ret = 0; arg.argv = NULL; arg.size = 0; @@ -264,89 +259,17 @@ int main(int argc, char *argv[]) /* first check the program name */ f.name = pname; fp = lh_FUNCTION_retrieve(prog, ); -if (fp != NULL) { -argv[0] = pname; -if (fp->deprecated_alternative != NULL) -warn_deprecated(fp); -ret = fp->func(argc, argv); -goto end; -} - -/* If there is stuff on the command line, run with that. */ -if (argc != 1) { +if (fp == NULL) { +/* We assume we've been called as 'openssl cmd' */ argc--; argv++; -ret = do_cmd(prog, argc, argv); -if (ret < 0) -ret = 0; -goto end; } -/* ok, lets enter interactive mode */ -for (;;) { -ret = 0; -/* Read a line, continue reading if line ends with \ */ -for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) { -prompt = first ? "OpenSSL> " : "> "; -p[0] = '\0'; -#ifndef READLINE -fputs(prompt, stdout); -fflush(stdout); -if (!fgets(p, n, stdin)) -goto end; -if (p[0] == '\0') -goto end; -i = strlen(p); -if (i <= 1) -break; -if (p[i - 2] != '\\') -break; -i -= 2; -p += i; -n -= i; -#else -{ -extern char *readline(const char *); -extern void add_history(const char *cp); -char *text; - -text = readline(prompt); -if (text == NULL) -goto end; -i = strlen(text); -if (i == 0 || i > n) -break; -if (text[i - 1] != '\\') { -p += strlen(strcpy(p, text)); -free(text); -add_history(buf); -break; -} - -text[i - 1] = '\0'; -p += strlen(strcpy(p, text)); -free(text); -n -= i; -} -#endif -} +/* If there's a command, run with that, otherwise "help". */ +ret = argc > 0 +? do_cmd(prog, argc, argv) +:
[openssl] master update
The branch master has been updated via 987e3a0eed18a857062df6ae28671feb8929b560 (commit) from b1c21b27dce840cfe2c9554b498fdcd115799a2f (commit) - Log - commit 987e3a0eed18a857062df6ae28671feb8929b560 Author: Dr. David von Oheimb Date: Wed Jun 3 14:13:01 2020 +0200 Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12026) --- Summary of changes: CHANGES.md | 9 + 1 file changed, 9 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 68fa1e0033..acb4c904bb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,15 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and + EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq(). + While the old function names have been retained for backward compatibility + they should not be used in new developments + because their return values are confusing: Unlike other `_cmp()` functions + they do not return 0 in case their arguments are equal. + + *David von Oheimb* + * Deprecated EC_METHOD_get_field_type(). Applications should switch to EC_GROUP_get_field_type().
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_server.t ... ok 65-test_cmp_status.t ... ok 65-test_cmp_vfy.t .. ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No external tests in this configuration 95-test_external_krb5.t skipped: No external tests in this configuration 95-test_external_pyca.t skipped: No external tests in this configuration 99-test_ecstress.t . ok 99-test_fuzz.t . ok Test Summary Report --- 80-test_ssl_new.t