[openssl] master update
The branch master has been updated
  via 2e9ab56edc6961aad779e1d41cb6e7414ae5a71d (commit)
  via 2ff4e15dc2a981a447859558c8de2c96ba804c5b (commit)
  via 0ed26fb63c814458e9906a916fe3ce5ca961842f (commit)
  via c9452d74a4bad8853ca60889788e51d46328877d (commit)
  via d8e52fd05e350ee308715c46ac13dbea2899a6ce (commit)
  via 44d2482ba62bf7fc2fd4cfc250ad09e0feaa42da (commit)
  from 11b93a1c82f2cb2be67b2d08cac4168a16555364 (commit)

- Log -

commit 2e9ab56edc6961aad779e1d41cb6e7414ae5a71d
Author: Pauli
Date: Tue Sep 22 15:09:25 2020 +1000

    rand: add a test case for configuration based random

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/12931)

commit 2ff4e15dc2a981a447859558c8de2c96ba804c5b
Author: Pauli
Date: Tue Sep 22 09:36:53 2020 +1000

    list: add capability to print details about the current DRBGs

    This allows a user to confirm that the DRBG their configuration specified is being used.

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/12931)

commit 0ed26fb63c814458e9906a916fe3ce5ca961842f
Author: Pauli
Date: Tue Sep 22 09:26:23 2020 +1000

    drbg: gettable parameters for cipher/digest/mac type.

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/12931)

commit c9452d74a4bad8853ca60889788e51d46328877d
Author: Pauli
Date: Tue Sep 22 09:25:35 2020 +1000

    kdf/mac: add name query calls for KDFs and MACs

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/12931)

commit d8e52fd05e350ee308715c46ac13dbea2899a6ce
Author: Pauli
Date: Tue Sep 22 08:29:58 2020 +1000

    evp_rand: fix bug in gettable_ctx/settable_ctx calls

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/12931)

commit 44d2482ba62bf7fc2fd4cfc250ad09e0feaa42da
Author: Pauli
Date: Mon Sep 21 16:07:34 2020 +1000

    Add a "random" configuration section.

    This permits the default trio of DRBGs to have their type and parameters set using configuration.
Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12931) --- Summary of changes: apps/include/app_params.h | 1 + apps/lib/app_params.c | 36 apps/list.c | 81 +++- crypto/conf/conf_mall.c | 2 + crypto/cpt_err.c | 6 +- crypto/err/openssl.txt| 2 + crypto/evp/evp_rand.c | 4 +- crypto/evp/kdf_lib.c | 7 ++ crypto/evp/mac_lib.c | 7 ++ crypto/rand/rand_lib.c| 108 +- doc/internal/man3/ossl_random_add_conf_module.pod | 42 + doc/man3/EVP_KDF.pod | 9 +- doc/man3/EVP_MAC.pod | 9 +- doc/man5/config.pod | 51 ++ include/crypto/rand.h | 5 + include/openssl/cryptoerr.h | 2 + include/openssl/evp.h | 1 + include/openssl/kdf.h | 1 + providers/implementations/rands/drbg_ctr.c| 15 +++ providers/implementations/rands/drbg_hash.c | 11 +++ providers/implementations/rands/drbg_hmac.c | 22 + test/recipes/20-test_rand_config.t| 103 + util/libcrypto.num| 4 +- 23 files changed, 517 insertions(+), 12 deletions(-) create mode 100644 doc/internal/man3/ossl_random_add_conf_module.pod create mode 100644 test/recipes/20-test_rand_config.t diff --git a/apps/include/app_params.h b/apps/include/app_params.h index 2060b5200e..d282fd657f 100644 --- a/apps/include/app_params.h +++ b/apps/include/app_params.h @@ -10,4 +10,5 @@ #include int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent); +void print_param_value(const OSSL_PARAM *p, int indent); diff --git a/apps/lib/app_params.c b/apps/lib/app_params.c index 3305b1e922..04337cbc83 100644 --- a/apps/lib/app_params.c +++ b/apps/lib/app_params.c @@ -94,3 +94,39 @@ int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent) return 1; } +void print_param_value(const OSSL_PARAM *p, int indent) +{ +int64_t i; +uint64_t u; + +printf("%*s%s: ", indent, "", p->key); +switch (p->data_type) { +case OSSL_PARAM_UNSIGNED_INTEGER: +if (OSSL_PARAM_get_uint64(p, )) +BIO_printf(bio_out, "%llu\n", (unsigned long long int)u); +else +
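Review bot: print_param_value() in apps/lib/app_params.c writes the key prefix with plain printf() but the value with BIO_printf(bio_out, ...). The two calls go through different buffers, so the key and its value can come out in the wrong order, or on different streams if bio_out is not stdout. Write the prefix with BIO_printf(bio_out, "%*s%s: ", indent, "", p->key) as well, so the whole line goes through bio_out.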
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-rc2
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-rc2 Commit log since last time: 434343f896 Add const to 'ppin' function parameter 6600baa9bb DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in 36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign 9c13b49a9f Increase PSK_MAX_IDENTITY_LEN from 128 to 256 639bb581ce apps/ocsp: Return non zero exit code with invalid certID e57bbf9e1a Increase PSK_MAX_PSK_LEN to 512 627ddf7b5b Correct certificate and key names for explicit ec param test d5b170a2fc Fixed EVP_MAC_final argument count in example a316356133 Fix merge error with libcrypto.num b1415dc182 util/find-doc-nits: Add a regexp for C symbols and use it 48b62fb33a DECODER: Some cleanups, and aligning with OSSL_ENCODER ae12eac074 TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() 97bb8dff1f ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() 111dc4b0f1 ENCODER: Refactor our provider encoder implementations b8975c68b1 ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER 5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface 4a71bee6cf ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies b5f82567af Fix: ecp_nistz256-armv4.S bad arguments 08e9684c53 Deprecate ASN1_STRING_length_set in OpenSSL 3.0. 28a5f5b39c util/mkerr.h: Restore header file rename 7889e7aef8 Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). f8e747471e Add a copy of OSSL_SELF_TEST_get_callback() to the fips module. 
80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers 28833f1465 Update the EdDSA docs with information about Algorithm Identifiers 4c6348c23a Make sure we properly test for EdDSA with alg ids d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers 991a6bb581 Add option to fipsinstall to disable fips security checks at run time. 7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks 850a485f25 fix provider exchange operations 49ed5ba8f6 fix provider signatures 16fbda848d Separate fips and non fips code for key operations a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods. f85a9d26be Add error message to genpkey app for the '-genparam' option 341c3e7f28 Add fips checks for ecdh key agreement 8d17cca5b8 Add fips checks for rsa encryption b8237707d4 Add fips checks for dh key agreement 0645110ebd Add fips checks for ecdsa signatures e43b448241 Add fips checks for dsa signatures 3f699197ac Add fips checks for rsa signatures. 282de1cc2d Fix some doc-nits and make update errors 028b31b32d Remove some unneeded code from lhash.h efffd8a6e4 Update err.h to use the new lhash generation code 2ca697ce00 Update conf.h.in to use the new lhash generation code 726b329339 Provide basis for fixing lhash code ecf15b16ee s_client.pod: Fix grammar in NOTES section. Build log ended with (last 100 lines): 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. 
ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok Could not read any cert of certificates from -in file from ../../../openssl/test/certs/v3-certs-RC2.p12 C020541A3F7F:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:103: ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out tmp.p12 =>
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Build log ended with (last 100 lines): /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." 
"-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile"
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-pic Configuring OpenSSL version 3.0.0-alpha7-dev for target linux-x86_64 Using os-specific seed configuration md5_one.o appears 2 times for the product libcrypto md5_dgst.o appears 2 times for the product libcrypto md5-x86_64.o appears 2 times for the product libcrypto md5_sha1.o appears 2 times for the product libcrypto Failure! Makefile wasn't produced. Please read INSTALL.md and associated NOTES-* files. You may also have to look over your available compiler tool chain or change your configuration. Died at ../openssl/Configure line 2428.
Errored: openssl/openssl#37654 (master - 11b93a1)
Build Update for openssl/openssl - Build: #37654 Status: Errored Duration: 1 hr, 33 mins, and 24 secs Commit: 11b93a1 (master) Author: Daniel Bevenius Message: DOC: remove OPENSSL_CTX from OSSL_DECODER_CTX_new This commit changes the man page for OSSL_DECODER_CTX_new by removing the OPENSSL_CTX parameter which matches the declaration in decoder.h. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12935) View the changeset: https://github.com/openssl/openssl/compare/4640cd00c36f...11b93a1c82f2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186100535?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Errored: openssl/openssl#37653 (master - 4640cd0)
Build Update for openssl/openssl - Build: #37653 Status: Errored Duration: 1 hr, 20 mins, and 8 secs Commit: 4640cd0 (master) Author: Pauli Message: rand: reference count the EVP_RAND contexts. This is required before the RAND/DRBG framework can be made user mutable. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12904) View the changeset: https://github.com/openssl/openssl/compare/8e3a64fdb6e1...4640cd00c36f View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/186096002?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 11b93a1c82f2cb2be67b2d08cac4168a16555364 (commit) from 4640cd00c36f0535d297d1ed10665597c4e2c7f2 (commit) - Log - commit 11b93a1c82f2cb2be67b2d08cac4168a16555364 Author: Daniel Bevenius Date: Mon Sep 21 15:48:55 2020 +0200 DOC: remove OPENSSL_CTX from OSSL_DECODER_CTX_new This commit changes the man page for OSSL_DECODER_CTX_new by removing the OPENSSL_CTX parameter which matches the declaration in decoder.h. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12935) --- Summary of changes: doc/man3/OSSL_DECODER_CTX.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/OSSL_DECODER_CTX.pod b/doc/man3/OSSL_DECODER_CTX.pod index bb8875ea4f..27e0a67a96 100644 --- a/doc/man3/OSSL_DECODER_CTX.pod +++ b/doc/man3/OSSL_DECODER_CTX.pod @@ -32,7 +32,7 @@ OSSL_DECODER_INSTANCE_get_input_type typedef struct ossl_decoder_ctx_st OSSL_DECODER_CTX; - OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(OPENSSL_CTX *libctx); + OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void); const OSSL_PARAM *OSSL_DECODER_settable_ctx_params(OSSL_DECODER *decoder); int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, const OSSL_PARAM params[]);
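Review bot: only the SYNOPSIS prototype of OSSL_DECODER_CTX_new in doc/man3/OSSL_DECODER_CTX.pod is touched (1 insertion, 1 deletion). If the DESCRIPTION text of the same page still describes a library context argument for this function, it needs the same update, so that paragraph is worth checking alongside this change.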
[openssl] master update
The branch master has been updated via 4640cd00c36f0535d297d1ed10665597c4e2c7f2 (commit) from 8e3a64fdb6e1e2826a334b095147d3ebe1acac2a (commit) - Log - commit 4640cd00c36f0535d297d1ed10665597c4e2c7f2 Author: Pauli Date: Wed Sep 16 11:10:01 2020 +1000 rand: reference count the EVP_RAND contexts. This is required before the RAND/DRBG framework can be made user mutable. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12904) --- Summary of changes: crypto/evp/evp_local.h | 3 +++ crypto/evp/evp_rand.c | 38 +- doc/man3/EVP_RAND.pod | 1 + 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 3268aa4109..285c69103b 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -69,6 +69,9 @@ struct evp_kdf_ctx_st { struct evp_rand_ctx_st { EVP_RAND *meth; /* Method structure */ void *data; /* Algorithm-specific data */ +EVP_RAND_CTX *parent; /* Parent EVP_RAND or NULL if none */ +CRYPTO_REF_COUNT refcnt;/* Context reference count */ +CRYPTO_RWLOCK *refcnt_lock; } /* EVP_RAND_CTX */ ; struct evp_keymgmt_st { diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 0e5e8c11f9..2e4edfff34 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -308,6 +308,13 @@ int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]) return 1; } +static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx) +{ +int ref = 0; + +return CRYPTO_UP_REF(>refcnt, , ctx->refcnt_lock); +} + EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) { EVP_RAND_CTX *ctx; 
@@ -320,13 +327,21 @@ EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) } ctx = OPENSSL_zalloc(sizeof(*ctx)); -if (ctx == NULL) { +if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { +OPENSSL_free(ctx); EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } if (parent != NULL) { if (!EVP_RAND_enable_locking(parent)) { EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING); +CRYPTO_THREAD_lock_free(ctx->refcnt_lock); +OPENSSL_free(ctx); +return NULL; +} +if (!evp_rand_ctx_up_ref(parent)) { +EVPerr(0, ERR_R_INTERNAL_ERROR); +CRYPTO_THREAD_lock_free(ctx->refcnt_lock); OPENSSL_free(ctx); return NULL; } @@ -338,20 +353,33 @@ EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) || !EVP_RAND_up_ref(rand)) { EVPerr(0, ERR_R_MALLOC_FAILURE); rand->freectx(ctx->data); +CRYPTO_THREAD_lock_free(ctx->refcnt_lock); OPENSSL_free(ctx); +EVP_RAND_CTX_free(parent); return NULL; } ctx->meth = rand; +ctx->parent = parent; +ctx->refcnt = 1; return ctx; } void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx) { if (ctx != NULL) { -ctx->meth->freectx(ctx->data); -ctx->data = NULL; -EVP_RAND_free(ctx->meth); -OPENSSL_free(ctx); +int ref = 0; + +CRYPTO_DOWN_REF(>refcnt, , ctx->refcnt_lock); +if (ref <= 0) { +EVP_RAND_CTX *parent = ctx->parent; + +ctx->meth->freectx(ctx->data); +ctx->data = NULL; +EVP_RAND_free(ctx->meth); +CRYPTO_THREAD_lock_free(ctx->refcnt_lock); +OPENSSL_free(ctx); +EVP_RAND_CTX_free(parent); +} } } diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index dfd2a7eb4c..b7b836f03e 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -85,6 +85,7 @@ cryptographically secure random bytes. B is a type that holds the implementation of a RAND. B is a context type that holds the algorithm inputs. +B structures are reference counted. =head2 Algorithm implementation fetching
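Review bot: the comment on the new parent member of struct evp_rand_ctx_st in crypto/evp/evp_local.h reads "Parent EVP_RAND or NULL if none", but the member is an EVP_RAND_CTX pointer. Say "Parent EVP_RAND_CTX" so it is not confused with the meth method pointer declared just above it.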
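Review bot: in EVP_RAND_CTX_free() in crypto/evp/evp_rand.c the return value of CRYPTO_DOWN_REF() is ignored while ref starts at 0, so if the decrement fails the "ref <= 0" branch still runs and frees a context that a child or another holder may still reference. Check the return value and leave the context alone when the decrement did not succeed; a leak on that path is preferable to a premature free of DRBG state.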
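Review bot: the sentence added to doc/man3/EVP_RAND.pod says the context structures are reference counted, but the only up-ref function in this patch, evp_rand_ctx_up_ref(), is static in crypto/evp/evp_rand.c, so a reader cannot tell what the statement means for callers. Spell out the visible behaviour: EVP_RAND_CTX_new() takes a reference on the parent, and EVP_RAND_CTX_free() on a parent does not destroy it while a child still holds that reference.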
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Build log ended with (last 100 lines): $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Configuring OpenSSL version 3.0.0-alpha7-dev for target linux-x86_64 Using os-specific seed configuration md5_sha1.o appears 2 times for the product libcrypto md5-x86_64.o appears 2 times for the product libcrypto md5_one.o appears 2 times for the product libcrypto md5_dgst.o appears 2 times for the product libcrypto Failure! Makefile wasn't produced. Please read INSTALL.md and associated NOTES-* files. You may also have to look over your available compiler tool chain or change your configuration. 
Died at ../openssl/Configure line 2428.
Passed: openssl/openssl#37652 (OpenSSL_1_1_1h - f123043)
Build Update for openssl/openssl - Build: #37652 Status: Passed Duration: 50 mins and 48 secs Commit: f123043 (OpenSSL_1_1_1h) Author: Matt Caswell Message: Prepare for 1.1.1h release Reviewed-by: Matthias St. Pierre View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_1h View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/185998255?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Build log ended with (last 100 lines): # Failed test 'p10cr csr non-existing file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr4.pem -out_trusted root.crt -csr empty.txt => 139 not ok 78 - p10cr csr empty file # -- # Failed test 'p10cr csr empty file' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. 
../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_revreason.pem -out_trusted root.crt -revreason 5 => 139 not ok 79 - ir + ignored revocation # -- ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd cr -newkey new.key -newkeypass 'pass:' -certout test.certout_cr.pem -out_trusted root.crt => 139 not ok 82 - cr # -- # Failed test 'cr' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. ../../../../../no-ui-console/util/wrap.pl ../../../../../no-ui-console/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd kur -newkey new.key -newkeypass 'pass:' -certout test.certout_kur.pem -out_trusted root.crt -oldcert test.certout_newkey.pem -server '127.0.0.1:1700' -cert test.certout_newkey.pem -key
Errored: openssl/openssl#37643 (master - 8e3a64f)
Build Update for openssl/openssl

Build: #37643
Status: Errored
Duration: 51 mins and 0 secs
Commit: 8e3a64f (master)
Author: Paul Yang
Message: Add auto-gen SM2 der files into .gitignore

Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12536)

View the changeset: https://github.com/openssl/openssl/compare/6b1428ac1274...8e3a64fdb6e1

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/185927824?utm_medium=notification_source=email
[web] master update
The branch master has been updated via 272b74db20a3cec1c9882f58161efa93accad094 (commit) from 4a2dac4738e42fc30f7f38d9292a9391f715757e (commit) - Log - commit 272b74db20a3cec1c9882f58161efa93accad094 Author: Matt Caswell Date: Tue Sep 22 14:05:56 2020 +0100 Updates for the 1.1.1h release Reviewed-by: Mark J. Cox Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/web/pull/196) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index c1820fa..25cb6db 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +22-Sep-2020: OpenSSL 1.1.1h is now available, including bug fixes 09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it
[openssl] OpenSSL_1_1_1h create
The annotated tag OpenSSL_1_1_1h has been created
        at  2cc678ce157832a21d2716c7f1774371b811cc15 (tag)
   tagging  f123043faa15965c34947670ff3d3a7005d6bdb4 (commit)
  replaces  OpenSSL_1_1_1g
 tagged by  Matt Caswell
        on  Tue Sep 22 13:55:07 2020 +0100

- Log -
OpenSSL 1.1.1h release tag

Arne Schwabe (1):
      Fix type cast in SSL_CTX_set1_groups macro

Attila Szakacs (1):
      Configuration: do not overwrite BASE_unix ex_libs in AIX

Benjamin Kaduk (2):
      sslapitest: only compile test when it will be used
      Fix a typo in SSL_CTX_set_session_ticket_cb.pod

Benny Baumann (1):
      Force ssl/tls protocol flags to use stream sockets

Bernd Edlinger (9):
      Remove AES bitsliced S-box implementation from Boyar and Peralta
      Fix rsa8192.pem
      Fix some places where X509_up_ref is used without error handling.
      Fix egd and devrandom source configs
      Avoid undefined behavior with unaligned accesses
      bio printf: Avoid using rounding errors in range check
      Revert the check for NaN in %f format
      Prevent extended tests run unexpectedly in appveyor
      Fix a buffer overflow in drbg_ctr_generate

Billy Brumley (1):
      [test] ectest: check custom generators

Christian Hohnstaedt (1):
      i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success

Dimitri John Ledkov (1):
      man3: Drop warning about using security levels higher than 1.

Dirk-Willem van Gulik (1):
      Add setter equivalents to X509_REQ_get0_signature

Dr. David von Oheimb (9):
      Allow NULL arg to OSSL_STORE_close()
      Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod
      Make BIO_do_connect() and friends handle multiple IP addresses
      Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c
      Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
      Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
      Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
      Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
      x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

Dr. Matthias St. Pierre (3):
      Fix use-after-free in BIO_C_SET_SSL callback
      Fix the DRBG seed propagation
      Revert two renamings backported from master

Glenn Strauss (1):
      improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

Gustaf Neumann (1):
      Fix typos and repeated words

Henry N (1):
      Fix: ecp_nistz256-armv4.S bad arguments

Hubert Kario (1):
      use safe primes in ssl_get_auto_dh()

Jack O'Connor (1):
      fix a docs typo

Jung-uk Kim (1):
      Ignore vendor name in Clang version number.

Kurt Roeckx (1):
      Improve SSL_shutdown documentation.

Matt Caswell (15):
      Prepare for 1.1.1h-dev
      Correct alignment calculation in ssl3_setup_write
      Ensure we never use a partially initialised CMAC_CTX
      Correctly handle the return value from EVP_Cipher() in the CMAC code
      Add a CMAC test
      Make it clear that you can't use all ciphers for CMAC
      Ensure that SSL_dup copies the min/max protocol version
      Update the SSL_dup documentation to match reality
      Don't attempt to duplicate the BIO state in SSL_dup
      Add an SSL_dup test
      Fix a typo on the SSL_dup page
      Fix a test_verify failure
      Updates CHANGES and NEWS for the new release
      Update copyright year
      Prepare for 1.1.1h release

Maxim Zakharov (1):
      TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux)

Maximilian Blenk (1):
      Fix PEM certificate loading that sometimes fails

Miłosz Kaniewski (1):
      Free pre_proc_exts in SSL_free()

Nicola Tuveri (13):
      [EC] Constify internal EC_KEY pointer usage
      [EC] harden EC_KEY against leaks from memory accesses
      [BN] harden `BN_copy()` against leaks from memory accesses
      Fix typo from #10631
      More testing for sign/verify through `dgst`
      More testing for CLI usage of Ed25519 and Ed448 keys
      [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
      Test genpkey app for EC keygen with various args
      Refactor BN_R_NO_INVERSE logic in internal functions
      [EC][ASN1] Detect missing OID when serializing EC parameters and keys
      [apps/genpkey] exit status should not be 0 on
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5c2c624e2e8c50368a081fdd5ff8cb33e1124187 (commit) via f123043faa15965c34947670ff3d3a7005d6bdb4 (commit) from 24a535eaf0f7fac31302027370720e3de3aba17b (commit) - Log - commit 5c2c624e2e8c50368a081fdd5ff8cb33e1124187 Author: Matt Caswell Date: Tue Sep 22 13:55:17 2020 +0100 Prepare for 1.1.1i-dev Reviewed-by: Matthias St. Pierre commit f123043faa15965c34947670ff3d3a7005d6bdb4 Author: Matt Caswell Date: Tue Sep 22 13:55:07 2020 +0100 Prepare for 1.1.1h release Reviewed-by: Matthias St. Pierre --- Summary of changes: CHANGES| 6 +- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 150af73395..fcb824c02d 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1g and 1.1.1h [xx XXX ] + Changes between 1.1.1h and 1.1.1i [xx XXX ] + + *) + + Changes between 1.1.1g and 1.1.1h [22 Sep 2020] *) Certificates with explicit curve parameters are now disallowed in verification chains if the X509_V_FLAG_X509_STRICT flag is used. diff --git a/NEWS b/NEWS index 47db6cbb5d..0a9adf3e3d 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [under development] + Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development] + + o + + Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] o Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used diff --git a/README b/README index c7bf50c520..8a44e9dbe5 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1h-dev + OpenSSL 1.1.1i-dev Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index e6b5825b81..840450e67c 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101080L -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1h-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10101090L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1i-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...)
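Review bot: in the include/openssl/opensslv.h hunk, OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are bumped by hand on two adjacent lines, and the README hunk carries a third hand-edited copy of the same version string ("OpenSSL 1.1.1i-dev"). Nothing in this diff ties the three together, so a future bump that touches only one of them would leave the compiled-in version number disagreeing with the banner text that users and inventory tools read. A check in the release tooling that compares the number against the text and the README line, or derives one from the other, would catch that before tagging.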
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
       via  24a535eaf0f7fac31302027370720e3de3aba17b (commit)
       via  6f26a76d2d8caf5142a444a9aa60316aa99b21a2 (commit)
      from  256989ce442c19151ae2b79b8d137c364e8479f2 (commit)

- Log -
commit 24a535eaf0f7fac31302027370720e3de3aba17b
Author: Matt Caswell
Date:   Tue Sep 22 13:14:20 2020 +0100

    Update copyright year

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/12949)

commit 6f26a76d2d8caf5142a444a9aa60316aa99b21a2
Author: Matt Caswell
Date:   Tue Sep 22 13:13:17 2020 +0100

    Updates CHANGES and NEWS for the new release

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/12949)

---
Summary of changes:
 CHANGES | 4
 NEWS | 6 +-
 apps/genpkey.c | 2 +-
 apps/s_client.c | 2 +-
 crypto/aes/aes_ige.c | 2 +-
 crypto/asn1/d2i_pr.c | 2 +-
 crypto/asn1/x_algor.c | 2 +-
 crypto/bio/b_print.c | 2 +-
 crypto/bn/bn_gcd.c | 2 +-
 crypto/bn/bn_lib.c | 2 +-
 crypto/bn/bn_mpi.c | 2 +-
 crypto/cmac/cmac.c | 2 +-
 crypto/cms/cms_lib.c | 2 +-
 crypto/cms/cms_sd.c | 2 +-
 crypto/conf/conf_def.c | 2 +-
 crypto/dso/dso_win32.c | 2 +-
 crypto/ec/ec_ameth.c | 2 +-
 crypto/ec/ec_local.h | 2 +-
 crypto/engine/eng_lib.c | 2 +-
 crypto/evp/encode.c | 2 +-
 crypto/mem_sec.c | 2 +-
 crypto/modes/cbc128.c | 2 +-
 crypto/modes/ccm128.c | 2 +-
 crypto/modes/cfb128.c | 2 +-
 crypto/modes/ctr128.c | 2 +-
 crypto/modes/gcm128.c | 2 +-
 crypto/modes/modes_local.h | 2 +-
 crypto/modes/ofb128.c | 2 +-
 crypto/modes/xts128.c | 2 +-
 crypto/o_str.c | 2 +-
 crypto/o_time.c | 2 +-
 crypto/pem/pem_lib.c | 2 +-
 crypto/pem/pem_pkey.c | 2 +-
 crypto/pem/pvkfmt.c | 2 +-
 crypto/rand/randfile.c | 2 +-
 crypto/rsa/rsa_ameth.c | 2 +-
 crypto/store/loader_file.c | 2 +-
 crypto/store/store_lib.c | 2 +-
 crypto/ui/ui_openssl.c | 2 +-
 crypto/whrlpool/wp_block.c | 2 +-
 crypto/x509/x509_local.h | 2 +-
 crypto/x509/x509_req.c | 2 +-
 crypto/x509/x509_txt.c | 2 +-
 crypto/x509/x_pubkey.c | 2 +-
 crypto/x509v3/pcy_data.c | 2 +-
 crypto/x509v3/v3_alt.c | 2 +-
 doc/man1/CA.pl.pod | 2 +-
 doc/man1/ca.pod | 2 +-
 doc/man1/dgst.pod | 2 +-
 doc/man1/enc.pod | 2 +-
 doc/man1/ocsp.pod | 2 +-
 doc/man1/pkcs12.pod | 2 +-
 doc/man1/pkcs8.pod | 2 +-
 doc/man1/pkeyutl.pod | 2 +-
 doc/man1/s_server.pod | 2 +-
 doc/man1/ts.pod | 2 +-
 doc/man1/tsget.pod | 2 +-
 doc/man1/verify.pod | 2 +-
 doc/man3/ASN1_INTEGER_get_int64.pod | 2 +-
 doc/man3/ASN1_STRING_length.pod | 2 +-
 doc/man3/ASN1_TIME_set.pod | 2 +-
 doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +-
 doc/man3/ASYNC_start_job.pod | 2 +-
 doc/man3/BF_encrypt.pod | 2 +-
 doc/man3/BIO_ADDR.pod | 2 +-
 doc/man3/BIO_ADDRINFO.pod | 2 +-
 doc/man3/BIO_connect.pod | 2 +-
 doc/man3/BIO_ctrl.pod | 2 +-
 doc/man3/BIO_get_data.pod | 2 +-
 doc/man3/BIO_parse_hostserv.pod | 2 +-
 doc/man3/BIO_read.pod | 2 +-
 doc/man3/BIO_s_accept.pod | 2 +-
 doc/man3/BIO_s_bio.pod | 2 +-
 doc/man3/BIO_s_connect.pod | 2 +-
 doc/man3/BIO_s_file.pod | 2 +-
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

434343f896 Add const to 'ppin' function parameter
6600baa9bb DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in
36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
9c13b49a9f Increase PSK_MAX_IDENTITY_LEN from 128 to 256
639bb581ce apps/ocsp: Return non zero exit code with invalid certID
e57bbf9e1a Increase PSK_MAX_PSK_LEN to 512
627ddf7b5b Correct certificate and key names for explicit ec param test
d5b170a2fc Fixed EVP_MAC_final argument count in example
a316356133 Fix merge error with libcrypto.num
b1415dc182 util/find-doc-nits: Add a regexp for C symbols and use it
48b62fb33a DECODER: Some cleanups, and aligning with OSSL_ENCODER
ae12eac074 TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
97bb8dff1f ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
111dc4b0f1 ENCODER: Refactor our provider encoder implementations
b8975c68b1 ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER
5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface
4a71bee6cf ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies
b5f82567af Fix: ecp_nistz256-armv4.S bad arguments
08e9684c53 Deprecate ASN1_STRING_length_set in OpenSSL 3.0.
28a5f5b39c util/mkerr.h: Restore header file rename
7889e7aef8 Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().
f8e747471e Add a copy of OSSL_SELF_TEST_get_callback() to the fips module.
80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers
28833f1465 Update the EdDSA docs with information about Algorithm Identifiers
4c6348c23a Make sure we properly test for EdDSA with alg ids
d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers
991a6bb581 Add option to fipsinstall to disable fips security checks at run time.
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks
850a485f25 fix provider exchange operations
49ed5ba8f6 fix provider signatures
16fbda848d Separate fips and non fips code for key operations
a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods.
f85a9d26be Add error message to genpkey app for the '-genparam' option
341c3e7f28 Add fips checks for ecdh key agreement
8d17cca5b8 Add fips checks for rsa encryption
b8237707d4 Add fips checks for dh key agreement
0645110ebd Add fips checks for ecdsa signatures
e43b448241 Add fips checks for dsa signatures
3f699197ac Add fips checks for rsa signatures.
282de1cc2d Fix some doc-nits and make update errors
028b31b32d Remove some unneeded code from lhash.h
efffd8a6e4 Update err.h to use the new lhash generation code
2ca697ce00 Update conf.h.in to use the new lhash generation code
726b329339 Provide basis for fixing lhash code
ecf15b16ee s_client.pod: Fix grammar in NOTES section.

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t ok
70-test_packet.t ... ok
70-test_recordlen.t ok
70-test_renegotiation.t ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t ok
70-test_sslcertstatus.t ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t ok
70-test_tls13messages.t ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
#
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine

Commit log since last time:

434343f896 Add const to 'ppin' function parameter
6600baa9bb DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in
36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
9c13b49a9f Increase PSK_MAX_IDENTITY_LEN from 128 to 256
639bb581ce apps/ocsp: Return non zero exit code with invalid certID
e57bbf9e1a Increase PSK_MAX_PSK_LEN to 512
627ddf7b5b Correct certificate and key names for explicit ec param test
d5b170a2fc Fixed EVP_MAC_final argument count in example
a316356133 Fix merge error with libcrypto.num
b1415dc182 util/find-doc-nits: Add a regexp for C symbols and use it
48b62fb33a DECODER: Some cleanups, and aligning with OSSL_ENCODER
ae12eac074 TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
97bb8dff1f ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
111dc4b0f1 ENCODER: Refactor our provider encoder implementations
b8975c68b1 ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER
5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface
4a71bee6cf ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies
b5f82567af Fix: ecp_nistz256-armv4.S bad arguments
08e9684c53 Deprecate ASN1_STRING_length_set in OpenSSL 3.0.
28a5f5b39c util/mkerr.h: Restore header file rename
7889e7aef8 Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().
f8e747471e Add a copy of OSSL_SELF_TEST_get_callback() to the fips module.
80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers
28833f1465 Update the EdDSA docs with information about Algorithm Identifiers
4c6348c23a Make sure we properly test for EdDSA with alg ids
d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers
991a6bb581 Add option to fipsinstall to disable fips security checks at run time.
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks
850a485f25 fix provider exchange operations
49ed5ba8f6 fix provider signatures
16fbda848d Separate fips and non fips code for key operations
a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods.
f85a9d26be Add error message to genpkey app for the '-genparam' option
341c3e7f28 Add fips checks for ecdh key agreement
8d17cca5b8 Add fips checks for rsa encryption
b8237707d4 Add fips checks for dh key agreement
0645110ebd Add fips checks for ecdsa signatures
e43b448241 Add fips checks for dsa signatures
3f699197ac Add fips checks for rsa signatures.
282de1cc2d Fix some doc-nits and make update errors
028b31b32d Remove some unneeded code from lhash.h
efffd8a6e4 Update err.h to use the new lhash generation code
2ca697ce00 Update conf.h.in to use the new lhash generation code
726b329339 Provide basis for fixing lhash code
ecf15b16ee s_client.pod: Fix grammar in NOTES section.

Build log ended with (last 100 lines):

storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -certs -noout ../../../../openssl/test/testcrl.pem => 1
not ok 410 - Checking that -certs returns 0 objects on a CRL file
# --
# Failed test 'Checking that -certs returns 0 objects on a CRL file'
# at ../openssl/test/recipes/90-test_store.t line 208.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testx509.pem => 1
not ok 411 - Checking that -crls returns 0 objects on a certificate file
# --
# Failed test 'Checking that -crls returns 0 objects on a certificate file'
# at ../openssl/test/recipes/90-test_store.t line 212.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -crls -noout ../../../../openssl/test/testcrl.pem => 1
not ok 412 - Checking that -crls returns 1 object on a CRL file
# --
# Failed test 'Checking that -crls returns 1 object on a CRL file'
# at ../openssl/test/recipes/90-test_store.t line 215.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl ../../../apps/openssl storeutl -engine loader_attic -noout -subject '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' rehash => 1
not ok 413
# --
# Failed test at ../openssl/test/recipes/90-test_store.t line 226.
storeutl: Unknown message digest: engine
storeutl: Use -help for summary.
../../../util/wrap.pl
Errored: openssl/openssl#37638 (master - 6b1428a)
Build Update for openssl/openssl

Build: #37638
Status: Errored
Duration: 1 hr, 58 mins, and 58 secs
Commit: 6b1428a (master)
Author: Randall S. Becker
Message: Added FIPS DEP initialization for the NonStop platform in fips/self_test.c.

CLA: Permission is granted by the author to the OpenSSL team to use these modifications.

Fixes #12918

Signed-off-by: Randall S. Becker
Reviewed-by: Paul Dale
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/12928)

View the changeset: https://github.com/openssl/openssl/compare/434343f896a2...6b1428ac1274

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/185914558?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command:

$ uname -a
Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

434343f896 Add const to 'ppin' function parameter
6600baa9bb DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in
36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
9c13b49a9f Increase PSK_MAX_IDENTITY_LEN from 128 to 256
639bb581ce apps/ocsp: Return non zero exit code with invalid certID
e57bbf9e1a Increase PSK_MAX_PSK_LEN to 512
627ddf7b5b Correct certificate and key names for explicit ec param test
d5b170a2fc Fixed EVP_MAC_final argument count in example
a316356133 Fix merge error with libcrypto.num
b1415dc182 util/find-doc-nits: Add a regexp for C symbols and use it
48b62fb33a DECODER: Some cleanups, and aligning with OSSL_ENCODER
ae12eac074 TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
97bb8dff1f ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY()
111dc4b0f1 ENCODER: Refactor our provider encoder implementations
b8975c68b1 ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER
5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface
4a71bee6cf ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies
b5f82567af Fix: ecp_nistz256-armv4.S bad arguments
08e9684c53 Deprecate ASN1_STRING_length_set in OpenSSL 3.0.
28a5f5b39c util/mkerr.h: Restore header file rename
7889e7aef8 Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback().
f8e747471e Add a copy of OSSL_SELF_TEST_get_callback() to the fips module.
80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers
28833f1465 Update the EdDSA docs with information about Algorithm Identifiers
4c6348c23a Make sure we properly test for EdDSA with alg ids
d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers
991a6bb581 Add option to fipsinstall to disable fips security checks at run time.
7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks
850a485f25 fix provider exchange operations
49ed5ba8f6 fix provider signatures
16fbda848d Separate fips and non fips code for key operations
a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods.
f85a9d26be Add error message to genpkey app for the '-genparam' option
341c3e7f28 Add fips checks for ecdh key agreement
8d17cca5b8 Add fips checks for rsa encryption
b8237707d4 Add fips checks for dh key agreement
0645110ebd Add fips checks for ecdsa signatures
e43b448241 Add fips checks for dsa signatures
3f699197ac Add fips checks for rsa signatures.
282de1cc2d Fix some doc-nits and make update errors
028b31b32d Remove some unneeded code from lhash.h
efffd8a6e4 Update err.h to use the new lhash generation code
2ca697ce00 Update conf.h.in to use the new lhash generation code
726b329339 Provide basis for fixing lhash code
ecf15b16ee s_client.pod: Fix grammar in NOTES section.

Build log ended with (last 100 lines):

65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t ok
70-test_packet.t ... ok
70-test_recordlen.t ok
70-test_renegotiation.t ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t ok
70-test_sslcertstatus.t ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t ok
70-test_tls13messages.t ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
#
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
Build completed: openssl master.37090
Build openssl master.37090 completed

Commit 9b2857f9b3 by Dr. Matthias St. Pierre on 9/13/2020 10:47 PM:
Revert two renamings backported from master
[openssl] master update
The branch master has been updated via 8e3a64fdb6e1e2826a334b095147d3ebe1acac2a (commit) via e9aa4a16a63d3498ca211afb28207792e1cde0b6 (commit) via 1d03db90850b18adb63b62afd800a08300cf8228 (commit) via b3d267caac21dd0a7d7a8cfcc304b253df5e82f4 (commit) via d0b79f8631c0f522c514175be4e4fbe984cf8f6c (commit) via 7ee511d093758360ed421e420cc29d9aaf11f143 (commit) from 6b1428ac12749f7ff0e49be363e9f7097f0e58b0 (commit) - Log - commit 8e3a64fdb6e1e2826a334b095147d3ebe1acac2a Author: Paul Yang Date: Fri Sep 18 10:27:42 2020 +0800 Add auto-gen SM2 der files into .gitignore Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) commit e9aa4a16a63d3498ca211afb28207792e1cde0b6 Author: Paul Yang Date: Mon Sep 14 18:17:35 2020 +0800 refactor get params functions Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) commit 1d03db90850b18adb63b62afd800a08300cf8228 Author: Paul Yang Date: Sun Sep 13 20:47:00 2020 +0800 support PARAM_SECURITY_BITS for SM2 Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) commit b3d267caac21dd0a7d7a8cfcc304b253df5e82f4 Author: Paul Yang Date: Sun Sep 13 20:31:13 2020 +0800 Address review comments Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) commit d0b79f8631c0f522c514175be4e4fbe984cf8f6c Author: Paul Yang Date: Wed Mar 4 23:49:43 2020 +0800 Add SM2 signature algorithm to default provider Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) commit 7ee511d093758360ed421e420cc29d9aaf11f143 Author: Paul Yang Date: Sun Jul 26 23:25:49 2020 +0800 Add SM2 key management Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12536) --- Summary of changes: .gitignore | 2 + crypto/ec/ec_key.c | 21 
+- crypto/err/openssl.txt | 2 + crypto/evp/pmeth_gn.c | 42 -- crypto/evp/pmeth_lib.c | 32 +- crypto/sm2/sm2_err.c | 2 +- crypto/sm2/sm2_pmeth.c | 4 +- crypto/sm2/sm2_sign.c | 22 +- include/crypto/sm2.h | 9 +- include/crypto/sm2err.h| 8 +- include/openssl/core_names.h | 1 + include/openssl/ec.h | 1 + providers/common/der/SM2.asn1 | 11 + providers/common/der/build.info| 16 +- .../common/der/{der_dsa.h.in => der_sm2.h.in} | 8 +- .../der/{der_ecx_gen.c.in => der_sm2_gen.c.in} | 4 +- .../common/der/{der_ec_key.c => der_sm2_key.c} | 4 +- .../common/der/{der_dsa_sig.c => der_sm2_sig.c}| 27 +- providers/defltprov.c | 6 + .../implementations/include/prov/implementations.h | 4 + providers/implementations/keymgmt/ec_kmgmt.c | 201 +++- providers/implementations/signature/build.info | 6 + providers/implementations/signature/sm2sig.c | 534 + test/ecdsatest.c | 14 + test/evp_extra_test.c | 61 ++- 25 files changed, 877 insertions(+), 165 deletions(-) create mode 100644 providers/common/der/SM2.asn1 copy providers/common/der/{der_dsa.h.in => der_sm2.h.in} (69%) copy providers/common/der/{der_ecx_gen.c.in => der_sm2_gen.c.in} (85%) copy providers/common/der/{der_ec_key.c => der_sm2_key.c} (80%) copy providers/common/der/{der_dsa_sig.c => der_sm2_sig.c} (57%) create mode 100644 providers/implementations/signature/sm2sig.c diff --git a/.gitignore b/.gitignore index 0e9405a7ff..8795a2c5dd 100644 --- a/.gitignore +++ b/.gitignore @@ -57,12 +57,14 @@ providers/common/der/der_ec_gen.c providers/common/der/der_ecx_gen.c providers/common/der/der_rsa_gen.c providers/common/der/der_wrap_gen.c +providers/common/der/der_sm2_gen.c providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_ecx.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_digests.h providers/common/include/prov/der_wrap.h +providers/common/include/prov/der_sm2.h # error code files /crypto/err/openssl.txt.old 
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
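Review bot: in the .gitignore hunk the two new entries, `providers/common/der/der_sm2_gen.c` and `providers/common/include/prov/der_sm2.h`, are appended after the `der_wrap` lines instead of being grouped with the other algorithm files (`der_ec`, `der_ecx`, `der_rsa`). Moving each one next to its `der_rsa` entry would keep both lists easy to scan. The ignored names do match the `der_sm2_gen.c.in` and `der_sm2.h.in` templates listed in the summary of changes, so the generated outputs are covered, and `der_sm2_key.c` and `der_sm2_sig.c` are checked-in sources that are correctly left out.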
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 434343f896 Add const to 'ppin' function parameter 6600baa9bb DOC: POD syntax fixes in doc/man1/openssl-cmp.pod.in 36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign 9c13b49a9f Increase PSK_MAX_IDENTITY_LEN from 128 to 256 639bb581ce apps/ocsp: Return non zero exit code with invalid certID e57bbf9e1a Increase PSK_MAX_PSK_LEN to 512 627ddf7b5b Correct certificate and key names for explicit ec param test d5b170a2fc Fixed EVP_MAC_final argument count in example a316356133 Fix merge error with libcrypto.num b1415dc182 util/find-doc-nits: Add a regexp for C symbols and use it 48b62fb33a DECODER: Some cleanups, and aligning with OSSL_ENCODER ae12eac074 TEST: Adapt applicable tests to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() 97bb8dff1f ENCODER: Adapt calls to the changed OSSL_ENCODER_CTX_new_by_EVP_PKEY() 111dc4b0f1 ENCODER: Refactor our provider encoder implementations b8975c68b1 ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER 5a6d6fe666 ENCODER: Redefine the libcrypto <-> provider interface 4a71bee6cf ocsp_vfy.c: Clean up code w.r.t. coding guidelines and reduce redundancies b5f82567af Fix: ecp_nistz256-armv4.S bad arguments 08e9684c53 Deprecate ASN1_STRING_length_set in OpenSSL 3.0. 28a5f5b39c util/mkerr.h: Restore header file rename 7889e7aef8 Fix ec keygen so that it passes the library context to SSL_SELF_TEST_get_callback(). f8e747471e Add a copy of OSSL_SELF_TEST_get_callback() to the fips module. 
80f4fd18f7 Add KEM (Key encapsulation mechanism) support to providers 28833f1465 Update the EdDSA docs with information about Algorithm Identifiers 4c6348c23a Make sure we properly test for EdDSA with alg ids d12a2fe4e7 Teach EdDSA signature algorithms about AlgorithmIdentifiers 991a6bb581 Add option to fipsinstall to disable fips security checks at run time. 7a810fac86 Add 'fips-securitychecks' option and plumb this into the actual fips checks 850a485f25 fix provider exchange operations 49ed5ba8f6 fix provider signatures 16fbda848d Separate fips and non fips code for key operations a88d105ea8 Add missing 'ossl_unused' tags to some gettable and settable methods. f85a9d26be Add error message to genpkey app for the '-genparam' option 341c3e7f28 Add fips checks for ecdh key agreement 8d17cca5b8 Add fips checks for rsa encryption b8237707d4 Add fips checks for dh key agreement 0645110ebd Add fips checks for ecdsa signatures e43b448241 Add fips checks for dsa signatures 3f699197ac Add fips checks for rsa signatures. 282de1cc2d Fix some doc-nits and make update errors 028b31b32d Remove some unneeded code from lhash.h efffd8a6e4 Update err.h to use the new lhash generation code 2ca697ce00 Update conf.h.in to use the new lhash generation code 726b329339 Provide basis for fixing lhash code ecf15b16ee s_client.pod: Fix grammar in NOTES section. Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. 
ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh
Build log ended with (last 100 lines): 65-test_cmp_vfy.t .. ok 66-test_ossl_store.t ... ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . ok 70-test_key_share.t ok 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t ok 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . skipped: dh is not supported by this OpenSSL build 70-test_sslversions.t ..
ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . skipped: dh is not supported by this OpenSSL build 80-test_http.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram
Build log ended with (last 100 lines): # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t . skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ...
ok # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 7 - iteration 7 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 8 - iteration 8 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 9 - iteration 9 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 10 - iteration 10 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 11 - iteration 11 # -- # ERROR: (ptr) 'server_ctx != NULL' failed @ ../openssl/test/ssl_test.c:477 # 0x0 not ok 12 - iteration 12 # -- not ok 1 -
Build failed: openssl master.37089
Build openssl master.37089 failed Commit 7e512dde29 by Dr. Matthias St. Pierre on 9/12/2020 10:57 PM: prov/drbg: fix the DRBG seed propagation
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des
Build log ended with (last 100 lines): Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -certout test.certout_csr_ignored.pem -out_trusted root.crt -csr idontexist => 1 not ok 72 - csr ignored for ir # -- # Failed test 'csr ignored for ir' # at ../openssl/test/recipes/81-test_cmp_cli.t line 184. Could not read any key of private key for CMP client certificate from signer.p12 C000C442537F:error::asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:103: Unable to load private key for CMP client certificate cmp_main:../openssl/apps/cmp.c:2819:CMP error: cannot set up CMP context # cmp_main:../openssl/apps/cmp.c:2666:CMP info: using OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2263:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:690:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert ../../../../../no-des/util/wrap.pl ../../../../../no-des/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -proxy '' -no_proxy 127.0.0.1 -cmd p10cr -newkey new.key -newkeypass 'pass:' -certout test.certout_p10cr.pem