SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dgram
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer
Build failed: openssl master.38509
Build openssl master.38509 failed Commit 762f6f970c by Richard Levitte on 11/20/2020 10:07 AM: Remove the old DEPRECATEDIN macros Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer Build log ended with (last 100 lines): 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration 95-test_external_gost_engine.t . skipped: No
Build failed: openssl master.38508
Build openssl master.38508 failed Commit 650e30f8e4 by Richard Levitte on 11/20/2020 12:06 PM: fixup! Switch deprecation method for AES Configure your notification preferences
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer Build log ended with (last 100 lines): 70-test_servername.t ... ok 70-test_sslcbcpadding.t ok 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok # 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok 90-test_tls13encryption.t .. ok 90-test_tls13secrets.t . ok 90-test_v3name.t ... ok 95-test_external_boringssl.t ... skipped: No external tests in this configuration
[openssl] master update
The branch master has been updated via a7e6a3d8ef4eea0e211441392b80a7acfd4a16b2 (commit) via e442cdaea2fbd049fc7798a4ad39fb986f55d4de (commit) via 7b42408756f53d38022363e2f0ac999db7d23a65 (commit) via 30742e8e7f93f58964bf7619f9c1783e6b3b03fc (commit) from 70cae332a2c200087605f94cdccfee80c9380fbf (commit) - Log - commit a7e6a3d8ef4eea0e211441392b80a7acfd4a16b2 Author: Pauli Date: Tue Dec 1 11:30:10 2020 +1000 tag unused function arguments as ossl_unused Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13577) commit e442cdaea2fbd049fc7798a4ad39fb986f55d4de Author: Pauli Date: Tue Dec 1 11:18:36 2020 +1000 remove unused initialisations Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13577) commit 7b42408756f53d38022363e2f0ac999db7d23a65 Author: Pauli Date: Tue Dec 1 11:13:08 2020 +1000 remove unused assignments Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13577) commit 30742e8e7f93f58964bf7619f9c1783e6b3b03fc Author: Pauli Date: Tue Dec 1 10:58:32 2020 +1000 remove unused return value assignments Fixes: #13555 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13577) --- Summary of changes: crypto/aes/aes_ige.c | 4 +-- crypto/asn1/asn1_par.c | 4 +-- crypto/asn1/bio_ndef.c | 2 +- crypto/asn1/tasn_dec.c | 2 -- crypto/bio/b_print.c | 2 +- crypto/bn/bn_exp.c | 3 --- crypto/evp/e_aes_cbc_hmac_sha1.c | 4 +-- crypto/evp/e_aes_cbc_hmac_sha256.c | 5 ++-- crypto/initthread.c| 2 +- crypto/store/store_result.c| 2 -- crypto/x509/by_dir.c | 1 - crypto/x509/x509_vfy.c | 2 +- include/internal/refcount.h| 31 +++--- .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 4 +-- .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c| 6 ++--- providers/implementations/keymgmt/rsa_kmgmt.c | 15 +-- ssl/record/ssl3_record_tls13.c | 2 +- ssl/statem/extensions.c| 4 +-- ssl/statem/extensions_clnt.c | 5 ++-- ssl/statem/extensions_srvr.c | 12 ++--- ssl/statem/statem_lib.c| 3 ++- 21 files changed, 56 insertions(+), 59 deletions(-) diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index bbe9bcd4f8..72fcba7a0c 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -50,7 +50,7 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, const int enc) { size_t n; -size_t len = length; +size_t len = length / AES_BLOCK_SIZE; if (length == 0) return; @@ -59,8 +59,6 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); -len = length / AES_BLOCK_SIZE; - if (AES_ENCRYPT == enc) { if (in != out && (UNALIGNED_MEMOPS_ARE_FAST diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index b2a1b3a27d..cf6d48ce10 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -72,10 +72,8 @@ static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len, if (saved_indent >= 0) BIO_set_indent(bp, saved_indent); if (pop_f_prefix) { -BIO *next = BIO_pop(bp); - +BIO_pop(bp); BIO_free(bp); -bp = next; } return i; } diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index b86b294bf1..87c22e897c 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -121,7 +121,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux->derbuf = p; *pbuf = p; -derlen = ASN1_item_ndef_i2d(ndef_aux->val, , ndef_aux->it); +ASN1_item_ndef_i2d(ndef_aux->val, , ndef_aux->it); if (*ndef_aux->boundary == NULL) return 0; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 3fbf168558..09adbf5d07 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -344,7 +344,6 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, } len -= p - q; seq_eoc = 0; -q = p; break; } /* @@ -519,7 +518,6
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer Build log ended with (last 100 lines): -o test/tls13ccstest \ test/helpers/tls13ccstest-bin-ssltestlib.o \ test/tls13ccstest-bin-tls13ccstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13secretstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/tls13secretstest \ crypto/tls13secretstest-bin-packet.o \ ssl/tls13secretstest-bin-tls13_enc.o \ test/tls13secretstest-bin-tls13secretstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/uitest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/uitest \ apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-asm' $ make test make depend && make _tests make[1]: Entering directory '/home/openssl/run-checker/no-asm' make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. \ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t ok 01-test_sanity.t ... ok 01-test_symbol_presence.t .. ok 01-test_test.t . ok 02-test_errstr.t ... ok 02-test_internal_context.t . ok 02-test_internal_ctype.t ... ok 02-test_internal_keymgmt.t . ok 02-test_internal_provider.t ok 02-test_lhash.t ok 02-test_ordinals.t . ok 02-test_sparse_array.t . ok 02-test_stack.t ok 03-test_exdata.t ... ok 03-test_fipsinstall.t .. ok 03-test_internal_asn1.t ok 03-test_internal_asn1_dsa.t ok 03-test_internal_bn.t .. ok 03-test_internal_chacha.t
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 9d5580612887b0c37016e7b65707e8e9dc27f4bb (commit) from 924c4f942108cc05d97fe03a70ce0ef0a00c4e45 (commit) - Log - commit 9d5580612887b0c37016e7b65707e8e9dc27f4bb Author: Benjamin Kaduk Date: Sat Nov 28 17:11:46 2020 -0800 Fix comment in do_dtls1_write() This code started off as a copy of ssl3_write_bytes(), and the comment was not updated with the implementation. Reported by yangyangtiantianlonglong in #13518 Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/13566) (cherry picked from commit 70cae332a2c200087605f94cdccfee80c9380fbf) --- Summary of changes: ssl/record/rec_layer_d1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 73ca8a6ee4..7e22270485 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -808,8 +808,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wb = >rlayer.wbuf[0]; /* - * first check if there is a SSL3_BUFFER still being written out. This - * will happen with non blocking IO + * DTLS writes whole datagrams, so there can't be anything left in + * the buffer. */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 0a3b330cf0 Add test to demonstrate the app's new engine key loading f91d003a0e APPS: Adapt load_key() and load_pubkey() for the engine: loader 0b27381fd5 APPS: Add OSSL_STORE loader for engine keys 4be35545ae Fix no-dtls c195c88233 Fix a compile error with the no-sock option c39f43534d openssl dgst: add option to specify output length for XOF b03da688a2 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() cbcbac644c ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() 4c0d49ed41 cmp_client.c: Fix indentation and remove empty line a676c53c7f cmp_client.c: Remove dead code of variable 'txt' in cert_response() 61b0fead5e Don't Overflow when printing Thawte Strong Extranet Version 89cccbea51 Add EVP_KDF-X942 to the fips module 8018352457 Fix s390 EDDSA HW support in providers. f7f10de305 Print random seed on test failure. 8758f4e625 Correct system guessing for darwin64-arm64 target 9ab9b16bb7 apps/pkcs12.c: Correct default legacy algs and make related doc consistent 9feb2fce65 Fix simpledynamic.c - a typo and missed a header 527eb8d294 TEST: Add a simple module loader, and test the FIPS module with it 9800b1a0da TEST: Break out the local dynamic loading code from shlibloadtest.c 1234aa7e41 endecode_test.c: Add warning that 512-bit DH key size is for testing only 20f8bc7255 test cleanup: move helper .c and .h files to test/helpers/ 93a9ffa6c2 remove obsolete test/drbg_cavs_data.h 2de4c87889 remove obsolete test/drbg_extra_test.h 172daa7fc7 RSA: correct digestinfo_ripemd160_der[] 26217510d2 aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode cbb85bda0c Fix builds that specify both no-dh and no-ec 9327b5c9c9 Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT a07dc8167b Fix instances of pointer addition with the NULL pointer
[openssl] master update
The branch master has been updated via 70cae332a2c200087605f94cdccfee80c9380fbf (commit) from 0a3b330cf09dd3746f4f9c5bb82d9bbcfff809c1 (commit) - Log - commit 70cae332a2c200087605f94cdccfee80c9380fbf Author: Benjamin Kaduk Date: Sat Nov 28 17:11:46 2020 -0800 Fix comment in do_dtls1_write() This code started off as a copy of ssl3_write_bytes(), and the comment was not updated with the implementation. Reported by yangyangtiantianlonglong in #13518 Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/13566) --- Summary of changes: ssl/record/rec_layer_d1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 53ac5eebbc..cc412bae37 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -800,8 +800,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wb = >rlayer.wbuf[0]; /* - * first check if there is a SSL3_BUFFER still being written out. This - * will happen with non blocking IO + * DTLS writes whole datagrams, so there can't be anything left in + * the buffer. */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
[openssl] master update
The branch master has been updated via 0a3b330cf09dd3746f4f9c5bb82d9bbcfff809c1 (commit) via f91d003a0ef0c748a11ccdb19c7661a3f2df9ab0 (commit) via 0b27381fd544beca44df905991923a7fa374d80a (commit) from 4be35545aea9f76e3704fe88bb8f3fc135ceb4c8 (commit) - Log - commit 0a3b330cf09dd3746f4f9c5bb82d9bbcfff809c1 Author: Richard Levitte Date: Mon Nov 30 10:44:34 2020 +0100 Add test to demonstrate the app's new engine key loading This adds a bit of functionality in ossltest, so it can now be used to load PEM files. It takes the file name as key ID, but just to make sure faults aren't ignored, it requires all file names to be prefixed with 'ot:'. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/13570) commit f91d003a0ef0c748a11ccdb19c7661a3f2df9ab0 Author: Richard Levitte Date: Mon Nov 30 07:25:46 2020 +0100 APPS: Adapt load_key() and load_pubkey() for the engine: loader These two functions react when the FORMAT_ENGINE format is given, and use the passed ENGINE |e| and the passed key argument to form a URI suitable for the engine: loader. Co-authored-by: David von Oheimb Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/13570) commit 0b27381fd544beca44df905991923a7fa374d80a Author: Richard Levitte Date: Fri Oct 12 17:02:58 2018 +0200 APPS: Add OSSL_STORE loader for engine keys The idea is to be able to have our apps load engine keys using a URI: org.openssl.engine:{engineid}:{keyid} This is legacy, but added for the time being to support keys given to the application like this: -engine {engineid} -key {keyid} -keyform ENGINE This latter form is recognised internally, and rewritten into the URI form. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/13570) --- Summary of changes: apps/cmp.c | 6 +- apps/include/apps.h | 6 +- apps/include/engine_loader.h | 21 apps/lib/apps.c | 69 +++-- apps/lib/build.info | 2 +- apps/lib/engine.c| 59 +--- apps/lib/engine_loader.c | 203 +++ apps/openssl.c | 2 + doc/man1/openssl-ca.pod.in | 4 +- doc/man1/openssl-cmp.pod.in | 46 + doc/man1/openssl-cms.pod.in | 4 +- doc/man1/openssl-dgst.pod.in | 6 +- doc/man1/openssl-ec.pod.in | 6 +- doc/man1/openssl-list.pod.in | 1 - doc/man1/openssl-pkcs12.pod.in | 20 ++-- doc/man1/openssl-pkey.pod.in | 6 +- doc/man1/openssl-pkeyutl.pod.in | 8 +- doc/man1/openssl-req.pod.in | 6 +- doc/man1/openssl-rsa.pod.in | 6 +- doc/man1/openssl-rsautl.pod.in | 6 +- doc/man1/openssl-s_client.pod.in | 8 +- doc/man1/openssl-s_server.pod.in | 18 +++- doc/man1/openssl-smime.pod.in| 6 +- doc/man1/openssl-spkac.pod.in| 8 +- doc/man1/openssl-ts.pod.in | 6 +- doc/man1/openssl-verify.pod.in | 2 + doc/man1/openssl-x509.pod.in | 10 +- doc/man1/openssl.pod | 41 ++-- engines/e_ossltest.c | 44 + test/recipes/90-test_store.t | 41 +++- 30 files changed, 510 insertions(+), 161 deletions(-) create mode 100644 apps/include/engine_loader.h create mode 100644 apps/lib/engine_loader.c diff --git a/apps/cmp.c b/apps/cmp.c index c932ba..d57c67c644 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -409,11 +409,7 @@ const OPTIONS cmp_options[] = { {"engine", OPT_ENGINE, 's', "Use crypto engine with given identifier, possibly a hardware device."}, {OPT_MORE_STR, 0, 0, - "Engines may be defined in OpenSSL config file engine section."}, -{OPT_MORE_STR, 0, 0, - "Options like -key specifying keys held in the engine can give key IDs"}, -{OPT_MORE_STR, 0, 0, - "prefixed by 'engine:', e.g. '-key engine:pkcs11:object=mykey;pin-value=1234'"}, + "Engines may also be defined in OpenSSL config file engine section."}, #endif OPT_PROV_OPTIONS, diff --git a/apps/include/apps.h b/apps/include/apps.h index 0848a2e03e..ddfa3c8383 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -36,6 +36,7 @@ # include "opt.h" # include "fmt.h" # include "platform.h" +# include "engine_loader.h" /* * quick macro when you need to pass an unsigned char instead of a char. @@ -155,10 +156,7 @@ ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug); void release_engine(ENGINE *e); int init_engine(ENGINE *e); int finish_engine(ENGINE *e); -EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid, -
Build failed: openssl master.38483
Build openssl master.38483 failed Commit 72b0dc645e by Dr. David von Oheimb on 12/2/2020 8:05 AM: run_tests.pl: Improve diagnostics on the use of HARNESS_JOBS Configure your notification preferences
[openssl] master update
The branch master has been updated via 4be35545aea9f76e3704fe88bb8f3fc135ceb4c8 (commit) via c195c882335874505f58debf3f6bf750377c62af (commit) from c39f43534d4f359bdfee617f70f89b114c9f2cca (commit) - Log - commit 4be35545aea9f76e3704fe88bb8f3fc135ceb4c8 Author: Matt Caswell Date: Tue Dec 1 15:34:24 2020 + Fix no-dtls Ensure we correctly detect if DTLS has been disabled in the client auth test_ssl_new tests. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13587) commit c195c882335874505f58debf3f6bf750377c62af Author: Matt Caswell Date: Tue Dec 1 15:19:56 2020 + Fix a compile error with the no-sock option BIO_do_connect() can work even in no-sock builds (non socket based BIOs have the right ctrls). Therefore we move the macro outside of the OPENSSL_NO_SOCK guards Fixes #12207 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13587) --- Summary of changes: include/openssl/bio.h.in | 7 +++ test/ssl-tests/04-client_auth.cnf.in | 3 ++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index d7380d47e9..d52392def8 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in @@ -443,12 +443,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_BIND_REUSEADDR_IF_UNUSEDBIO_SOCK_REUSEADDR # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) # define BIO_get_bind_mode(b)BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) - -/* BIO_s_accept() and BIO_s_connect() */ -# define BIO_do_connect(b) BIO_do_handshake(b) -# define BIO_do_accept(b)BIO_do_handshake(b) # endif /* OPENSSL_NO_SOCK */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b)BIO_do_handshake(b) + # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in index 5c748cb515..ad0ae7ae18 100644 --- a/test/ssl-tests/04-client_auth.cnf.in +++ b/test/ssl-tests/04-client_auth.cnf.in @@ -15,13 +15,14 @@ our $fips_mode; my @protocols; my @is_disabled = (0); -push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); # We test version-flexible negotiation (undef) and each protocol version. if ($fips_mode) { @protocols = (undef, "TLSv1.2", "DTLSv1.2"); +push @is_disabled, anydisabled("tls1_2", "dtls1_2"); } else { @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); } our @tests = ();
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 924c4f942108cc05d97fe03a70ce0ef0a00c4e45 (commit) from 409c59e8f44ae56f2587cdd8a7ce611d0e3d91d9 (commit) - Log - commit 924c4f942108cc05d97fe03a70ce0ef0a00c4e45 Author: Dr. David von Oheimb Date: Tue Dec 1 15:58:58 2020 +0100 Turn on Github CI - backport improved ci.yml to 1.1.1 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/13586) --- Summary of changes: .github/workflows/ci.yml | 93 1 file changed, 93 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00..a00ed88098 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,93 @@ +name: GitHub CI + +on: [pull_request] + +# for some reason, this does not work: +# variables: +# BUILDOPTS: "-j4" + +# not implemented for v1.1.1: HARNESS_JOBS: "${HARNESS_JOBS:-4}" + +# for some reason, this does not work: +# before_script: +# - make="make -s" + +jobs: + basic_gcc: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config --strict-warnings && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test + - name: make doc-nits +run: make doc-nits + + basic_clang: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: CC=clang ./config --strict-warnings && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test + + minimal: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test + + sanitizers: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test OPENSSL_TEST_RAND_ORDER=0 + + enable_non-default_options: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test + + legacy: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test + + buildtest: +runs-on: ubuntu-latest +steps: + - uses: actions/checkout@v2 + - name: config +run: ./config no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + - name: make +run: make -s -j4 + - name: make test +run: make test
Build completed: openssl master.38482
Build openssl master.38482 completed Commit 7209264dc3 by Shane Lontis on 12/2/2020 8:36 AM: fixup! Deprecate EC_POINT_bn2point and EC_POINT_point2bn. Configure your notification preferences
[openssl] master update
The branch master has been updated via c39f43534d4f359bdfee617f70f89b114c9f2cca (commit) from b03da688a223c18b5a10b5a66abe229bbb590133 (commit) - Log - commit c39f43534d4f359bdfee617f70f89b114c9f2cca Author: Daiki Ueno Date: Mon Oct 26 13:23:14 2020 +0100 openssl dgst: add option to specify output length for XOF This adds the -xoflen option to control the output length of the XOF algorithms, such as SHAKE128 and SHAKE256. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13245) --- Summary of changes: apps/dgst.c | 54 +++- doc/man1/openssl-dgst.pod.in | 5 test/recipes/20-test_dgst.t | 18 +-- 3 files changed, 64 insertions(+), 13 deletions(-) diff --git a/apps/dgst.c b/apps/dgst.c index badcfdf0e2..4adf9cd9b4 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -24,7 +24,7 @@ #undef BUFSIZE #define BUFSIZE 1024*8 -int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file); @@ -40,7 +40,7 @@ typedef enum OPTION_choice { OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, -OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, +OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN, OPT_DIGEST, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; @@ -65,6 +65,7 @@ const OPTIONS dgst_options[] = { {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, +{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"}, {"d", OPT_DEBUG, '-', "Print debug info"}, {"debug", OPT_DEBUG, '-', "Print debug info"}, @@ -105,6 +106,7 @@ int dgst_main(int argc, char **argv) OPTION_CHOICE o; int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; +int xoflen = 0; unsigned char *buf = NULL, *sigbuf = NULL; int engine_impl = 0; struct doall_dgst_digests dec; @@ -180,6 +182,9 @@ int dgst_main(int argc, char **argv) case OPT_BINARY: out_bin = 1; break; +case OPT_XOFLEN: +xoflen = atoi(opt_arg()); +break; case OPT_DEBUG: debug = 1; break; @@ -399,9 +404,20 @@ int dgst_main(int argc, char **argv) if (md != NULL) md_name = EVP_MD_name(md); +if (xoflen > 0) { +if (!(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)) { +BIO_printf(bio_err, "Length can only be specified for XOF\n"); +goto end; +} +if (sigkey != NULL) { +BIO_printf(bio_err, "Signing key cannot be specified for XOF\n"); +goto end; +} +} + if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); -ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, +ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf, siglen, NULL, md_name, "stdin"); } else { const char *sig_name = NULL; @@ -417,8 +433,8 @@ int dgst_main(int argc, char **argv) ret++; continue; } else { -r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, - siglen, sig_name, md_name, argv[i]); +r = do_fp(out, buf, inp, separator, out_bin, xoflen, + sigkey, sigbuf, siglen, sig_name, md_name, argv[i]); } if (r) ret = r; @@ -504,14 +520,14 @@ static const char *newline_escape_filename(const char *file, int * backslash) } -int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file) { size_t len = BUFSIZE; int i, backslash = 0, ret = 1; -unsigned char *sigbuf = NULL; +unsigned char *allocated_buf = NULL; while (BIO_pending(bp) || !BIO_eof(bp)) { i = BIO_read(bp, (char *)buf, BUFSIZE); @@ -552,14 +568,30 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } if (tmplen > BUFSIZE) { len = tmplen; -
Build failed: openssl master.38481
Build openssl master.38481 failed Commit 1e5fbfca4c by Shane Lontis on 12/2/2020 7:52 AM: Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces Configure your notification preferences
[openssl] master update
The branch master has been updated via b03da688a223c18b5a10b5a66abe229bbb590133 (commit) via cbcbac644c4679e535948e49983d335ae46c578e (commit) from 4c0d49ed414fbf19bd06198376c05a303bdbcaac (commit) - Log - commit b03da688a223c18b5a10b5a66abe229bbb590133 Author: Richard Levitte Date: Fri Nov 27 08:03:23 2020 +0100 Adapt everything else to the updated OSSL_ENCODER_CTX_new_by_EVP_PKEY() Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13545) commit cbcbac644c4679e535948e49983d335ae46c578e Author: Richard Levitte Date: Fri Nov 27 07:59:02 2020 +0100 ENCODER: Don't pass libctx to OSSL_ENCODER_CTX_new_by_EVP_PKEY() The passed 'pkey' already contains a library context, and the encoder implementations should be found within the same context, so passing an explicit library context seems unnecessary, and potentially dangerous. It should be noted that it's possible to pass an EVP_PKEY with a legacy internal key. The condition there is that it doesn't have a library context assigned to it, so the NULL library context is used automatically, thus requiring that appropriate encoders are available through that context. Fixes #13544 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13545) --- Summary of changes: apps/dhparam.c| 2 +- apps/rsa.c| 2 +- crypto/asn1/i2d_evp.c | 3 +-- crypto/encode_decode/encoder_pkey.c | 30 +++ crypto/evp/evp_pkey.c | 4 +--- crypto/evp/p_lib.c| 9 crypto/pem/pem_local.h| 2 +- crypto/pem/pem_pk8.c | 30 +-- crypto/x509/x_pubkey.c| 8 ++- doc/man3/OSSL_ENCODER_CTX_new_by_EVP_PKEY.pod | 4 ++-- include/openssl/encoder.h | 1 - test/endecode_test.c | 2 +- test/endecoder_legacy_test.c | 6 +++--- test/evp_libctx_test.c| 2 +- test/evp_pkey_provided_test.c | 2 +- 15 files changed, 59 insertions(+), 48 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index e2fb38d8c0..58cdfd000d 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -325,7 +325,7 @@ int dhparam_main(int argc, char **argv) OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, outformat == FORMAT_ASN1 ? "DER" : "PEM", - NULL, NULL, NULL); + NULL, NULL); if (ectx == NULL || !OSSL_ENCODER_to_bio(ectx, out)) { OSSL_ENCODER_CTX_free(ectx); diff --git a/apps/rsa.c b/apps/rsa.c index da1342b4c0..058c2be2ad 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -323,7 +323,7 @@ int rsa_main(int argc, char **argv) /* Now, perform the encoding */ ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, output_type, output_structure, -NULL, NULL); +NULL); if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { BIO_printf(bio_err, "%s format not supported\n", output_type); goto end; diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index d0468bf5c2..da1d136184 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -42,8 +42,7 @@ static int i2d_provided(const EVP_PKEY *a, int selection, size_t len = INT_MAX; ctx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(a, selection, "DER", - *output_structures, - NULL, NULL); + *output_structures, NULL); if (ctx == NULL) return -1; if (OSSL_ENCODER_to_data(ctx, pp, )) diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 594543b19e..e8e1c77b5f 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -210,10 +210,10 @@ static void encoder_destruct_EVP_PKEY(void *arg) static int ossl_encoder_ctx_setup_for_EVP_PKEY(OSSL_ENCODER_CTX *ctx, const EVP_PKEY *pkey, int selection, - OSSL_LIB_CTX *libctx, const char *propquery) { struct construct_data_st *data =
Build completed: openssl master.38479
Build openssl master.38479 completed Commit 8d688407a6 by Shane Lontis on 11/25/2020 5:21 AM: Fix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation. Configure your notification preferences
[openssl] master update
The branch master has been updated via 4c0d49ed414fbf19bd06198376c05a303bdbcaac (commit) via a676c53c7f456c5f3c61798ad99f7c30448e1c17 (commit) from 61b0fead5e6079ca826594df5b9ca00e65883cb0 (commit) - Log - commit 4c0d49ed414fbf19bd06198376c05a303bdbcaac Author: Ankita Shetty Date: Tue Nov 24 19:55:27 2020 +0100 cmp_client.c: Fix indentation and remove empty line Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13488) commit a676c53c7f456c5f3c61798ad99f7c30448e1c17 Author: Ankita Shetty Date: Mon Nov 23 17:12:33 2020 +0100 cmp_client.c: Remove dead code of variable 'txt' in cert_response() Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13488) --- Summary of changes: crypto/cmp/cmp_client.c | 14 -- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 75176cd195..9b01b772e3 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -86,7 +86,6 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, return 1; } - /* Save error info from PKIStatusInfo field of a certresponse into ctx */ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si) { @@ -199,7 +198,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, /* received message type is not one of the expected ones (e.g., error) */ ERR_raise(ERR_LIB_CMP, bt == OSSL_CMP_PKIBODY_ERROR ? CMP_R_RECEIVED_ERROR : - CMP_R_UNEXPECTED_PKIBODY); /* in next line for mkerr.pl */ + CMP_R_UNEXPECTED_PKIBODY); /* in next line for mkerr.pl */ if (bt != OSSL_CMP_PKIBODY_ERROR) { ERR_add_error_data(3, "message type is '", @@ -633,14 +632,9 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, /* not throwing failure earlier as transfer_cb may call ERR_clear_error() */ if (fail_info != 0) { -if (txt == NULL) -ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, - "rejecting newly enrolled cert with subject: %s", - subj); -else -ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, - "rejecting newly enrolled cert with subject: %s; %s", - subj, txt); +ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, + "rejecting newly enrolled cert with subject: %s; %s", + subj, txt); ret = 0; } OPENSSL_free(subj);
Build failed: openssl master.38478
Build openssl master.38478 failed Commit ab590f6622 by Shane Lontis on 11/23/2020 11:01 PM: fixup! Add fips self tests for all included kdf Configure your notification preferences
[openssl] master update
The branch master has been updated via 61b0fead5e6079ca826594df5b9ca00e65883cb0 (commit) from 89cccbea51fa52a1e4784a9ece35d96e4dcbfd30 (commit) - Log - commit 61b0fead5e6079ca826594df5b9ca00e65883cb0 Author: Matt Caswell Date: Thu Nov 19 13:58:21 2020 + Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/13452) --- Summary of changes: crypto/x509/v3_sxnet.c| 18 +++--- .../crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 | Bin 0 -> 65 bytes 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c index 76f5eafc73..6e2b796a38 100644 --- a/crypto/x509/v3_sxnet.c +++ b/crypto/x509/v3_sxnet.c @@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET) static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) { -long v; +int64_t v; char *tmp; SXNETID *id; int i; -v = ASN1_INTEGER_get(sx->version); -BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); + +/* + * Since we add 1 to the version number to display it, we don't support + * LONG_MAX since that would cause on overflow. + */ +if (!ASN1_INTEGER_get_int64(, sx->version) +|| v >= LONG_MAX +|| v < LONG_MIN) { +BIO_printf(out, "%*sVersion: ", indent, ""); +} else { +long vl = (long)v; + +BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl); +} for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); diff --git a/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 b/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 new file mode 100644 index 00..dde1c66748 Binary files /dev/null and b/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 differ
Build failed: openssl master.38477
Build openssl master.38477 failed Commit 89cccbea51 by Shane Lontis on 12/2/2020 2:15 AM: Add EVP_KDF-X942 to the fips module Configure your notification preferences