Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

2021-01-28 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

b1eae34bbe Fix running mingw dhparam test under wine
fa2a7490c0 Fix typo in thread_once comments
eeb09f1bd7 Fix OSSL_PARAM_allocate_from_text() for EBCDIC
0c3eb2793b TLS client: allow cert verify callback return -1 for SSL_ERROR_WANT_RETRY_VERIFY
1395a84e48 params: OSSL_PARAM_utf8_ptr: don't automatically reference `address`
df78589893 DOC: Fix a few minor issues in OSSL_ENCODER / OSSL_DECODER docs
ba0a6d1deb Clean away unnecessary length related OSSL_PARAM key names
7b0f64b121 Check that the ecparam and pkeyparam do not mangle the parameters
82a4620091 Add checks for NULL return from EC_KEY_get0_group()
f468e2f951 ec: Document that -conv_form and -no_public are not supported with engine
59b64259b8 ssl_old_test.c: Replace use of deprecated EC functions
adffee9753 EVP_PKEY_get_group_name works with public keys as well
36fafb2e80 Add manpage for EVP_PKEY_get_field_type and EVP_PKEY_get_point_conv_form
0c8e98e615 Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
f377e58fde Disable the test-ec completely when building with no-ec
3d34bedfd7 Add EVP_PKEY functions to get EC conv form and field type
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
98dbf2c1c8 Add functions to set values into an EVP_PKEY
5764c3522c krb5kdf: Do not dereference NULL ctx when allocation fails
b897b353df Drop Travis
4605b34d56 Github CI: Add a job for out-of-source build + install
d9c22dde29 Unix Makefile generator: Fix empty basename calls
c27e792221 bn: Deprecate the X9.31 RSA key generation related functions

Build log ended with (last 100 lines):

# setup_client_ctx:../openssl/apps/cmp.c:2001:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2051:CMP info: received 1 enrolled 
certificate(s), saving to file 
'../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 0 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo1.pem 
-out_trusted root.crt => 0
not ok 43 - popo RAVERIFIED
# --
# cmp_main:../openssl/apps/cmp.c:2685:CMP info: using section(s) 'Mock 
enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2284:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# setup_client_ctx:../openssl/apps/cmp.c:2001:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:165:CMP info: sending 
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:183:CMP info: received 
PKICONF
# save_free_certs:../openssl/apps/cmp.c:2051:CMP info: received 1 enrolled 
certificate(s), saving to file 
'../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem'
../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_cli/test.certout_popo5.pem 
-out_trusted root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at ../openssl/test/recipes/81-test_cmp_cli.t line 183.
# cmp_main:../openssl/apps/cmp.c:2685:CMP info: using section(s) 'Mock 
enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2284:CMP warning: argument of -proxy option is 
empty string, resetting option
# warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 
'trusted.crt' with subject '/O=openssl_cmp' is not a 

[openssl] OpenSSL_1_1_1-stable update

2021-01-28 Thread dev
The branch OpenSSL_1_1_1-stable has been updated
   via  c2fc1115eac53d2043e09bfa43ac5407f87fe417 (commit)
  from  a7222fc14d5977210d2b4673a68039824a039dc2 (commit)


- Log -
commit c2fc1115eac53d2043e09bfa43ac5407f87fe417
Author: Dr. David von Oheimb 
Date:   Tue Jan 26 11:53:15 2021 +0100

check_sig_alg_match(): weaken sig nid comparison to base alg

This (re-)allows RSA-PSS signers

Fixes #13931

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13982)

---

Summary of changes:
 crypto/x509v3/v3_purp.c   |  9 ++---
 test/certs/ca-pss-cert.pem| 21 +
 test/certs/ca-pss-key.pem | 28 
 test/certs/ee-pss-cert.pem| 21 +
 test/certs/mkcert.sh  | 22 +-
 test/certs/setup.sh   | 13 +
 test/recipes/25-test_verify.t |  5 -
 7 files changed, 106 insertions(+), 13 deletions(-)
 create mode 100644 test/certs/ca-pss-cert.pem
 create mode 100644 test/certs/ca-pss-key.pem
 create mode 100644 test/certs/ee-pss-cert.pem

diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 93b5ca4d42..3f5ce5c91c 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -348,14 +348,17 @@ static int setup_crldp(X509 *x)
 /* Check that issuer public key algorithm matches subject signature algorithm 
*/
 static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
 {
-int pkey_nid;
+int pkey_sig_nid, subj_sig_nid;
 
 if (pkey == NULL)
 return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey),
+NULL, &pkey_sig_nid) == 0)
+pkey_sig_nid = EVP_PKEY_base_id(pkey);
 if 
(OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
-NULL, &pkey_nid) == 0)
+NULL, &subj_sig_nid) == 0)
 return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
-if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
+if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid))
 return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
 return X509_V_OK;
 }
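Review bot: the function comment kept above this hunk ("Check that issuer public key algorithm matches subject signature algorithm") no longer describes check_sig_alg_match() once the comparison is deliberately weakened; update it to say that a plain RSA issuer key is now accepted for an RSA-PSS signature and vice versa. The new lookup `OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), NULL, &pkey_sig_nid)` hands a key-algorithm NID to a function that expects a signature-algorithm NID; it only does something useful because the cross-reference table happens to carry an entry keyed by NID_rsassaPss, and the fallback to `EVP_PKEY_base_id(pkey)` covers every other key type. A one-line comment stating that intent would save the next reader the detour, and a test that an RSA key is still rejected as issuer for a subject signed with a non-RSA algorithm would pin down that the weakening stops where intended.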
diff --git a/test/certs/ca-pss-cert.pem b/test/certs/ca-pss-cert.pem
new file mode 100644
index 00..566b63a800
--- /dev/null
+++ b/test/certs/ca-pss-cert.pem
@@ -0,0 +1,21 @@
+-BEGIN CERTIFICATE-
+MIIDXjCCAhagAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIxMDEyNjEwMDUwOFoYDzIxMjEwMTI3MTAwNTA4WjARMQ8wDQYDVQQD
+DAZDQS1QU1MwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAtclsFtJOQgAC
+ZxTPn2T2ksmibRNVAnEfVCgfJxsPN3aEERgqqhWbC4LmGHRIIjQ9DpobarydJivw
+epDaiu11rgwXgenIobIVvVr2+L3ngalYdkwmmPVImNN8Ef575ybE/kVgTu9X37DJ
+t+8psfVGeFg4RKykOi7SfPCSKHKSeZUXPj9AYwZDw4HX2rhstRopXAmUzz2/uAaR
+fmU7tYOG5qhfMUpP+Ce0ZBlLE9JjasY+d20/mDFuvFEc5qjfzNqv/7okyBjaWB4h
+gwnjXASrqKlqHKVU1UyrJc76yAniimy+IoXKAELetIJGSN15GYaWJcAIs0Eybjyk
+gyAu7Zlf/wIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAd
+BgNVHQ4EFgQUGfmhA/VcxWkh7VUBHxUdHHQLgrAwHwYDVR0jBBgwFoAUjvUlrx6b
+a4Q9fICayVOcTXL3o1IwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY
+BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAF6rSSBj+dkv0UGuE1El
+lB9zVpqVlV72RY8gAkmSJmbzblHEO/PYV/UnNJ2C2IXEhAQaE0xKCg+WC2RO56oc
+qZc6UXBCN8G9rJKVxgXVbciP4pQYN6POpmhJfQqzNPwzTADt3HY6X9gQtyG0fuQF
+OPDc+mXjRvBrcYMkAgYiKe+oA45WDWYpIvipWVQ3xP/BSGJqrdKx5SOrJA72+BLM
+bPbD3tBC2SVirDjv0N926Wcb/JQFkM+5YY2/yKNybstngr4Pb1T/tESsIZvGG2Tk
+3IhBl1dJtC9gpGTRa8NzQvcmPK9VUjWtv5YNA+FxD9FTxGibh7Aw1fbFCV91Qjc3
+JQQ=
+-END CERTIFICATE-
diff --git a/test/certs/ca-pss-key.pem b/test/certs/ca-pss-key.pem
new file mode 100644
index 00..9270c36484
--- /dev/null
+++ b/test/certs/ca-pss-key.pem
@@ -0,0 +1,28 @@
+-BEGIN PRIVATE KEY-

[openssl] master update

2021-01-28 Thread tmraz
The branch master has been updated
   via  e947a0642db111bb34547b5f7d48e13163492ca5 (commit)
  from  d744934b756bc71344818a2cb60b13dd89954afb (commit)


- Log -
commit e947a0642db111bb34547b5f7d48e13163492ca5
Author: Daniel Bevenius 
Date:   Fri Oct 9 06:07:43 2020 +0200

EVP: fix keygen for EVP_PKEY_RSA_PSS

This commit attempts to fix an issue when generating a key of type
EVP_PKEY_RSA_PSS. Currently, EVP_PKEY_CTX_set_rsa_keygen_bits will
return -1 if the key id is not of type EVP_PKEY_RSA. This commit adds
EVP_PKEY_RSA_PSS to also be accepted.

The macro EVP_PKEY_CTX_set_rsa_pss_keygen_md is converted into a
function and it is now called in legacy_ctrl_to_param.

Fixes #12384

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13099)

---

Summary of changes:
 crypto/evp/pmeth_lib.c  |  8 +++
 crypto/rsa/rsa_lib.c| 67 -
 doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod |  6 +++
 include/openssl/core_names.h| 14 +++---
 include/openssl/rsa.h   | 11 ++--
 test/evp_extra_test.c   | 27 ++
 util/libcrypto.num  |  2 +
 7 files changed, 121 insertions(+), 14 deletions(-)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 7c2e648209..7fb32df86a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1315,6 +1315,14 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int 
keytype, int optype,
 return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, p1);
 }
 }
+
+if (keytype == EVP_PKEY_RSA_PSS) {
+  switch(cmd) {
+case EVP_PKEY_CTRL_MD:
+  return EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, p2);
+  }
+}
+
 /*
  * keytype == -1 is used when several key types share the same structure,
  * or for generic controls that are the same across multiple key types.
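Review bot: the added block starting at `+if (keytype == EVP_PKEY_RSA_PSS) {` is indented in steps of two spaces (`+  switch(cmd) {`, `+  return ...`) where the file uses four, and `switch(cmd)` lacks the space before the parenthesis required by the coding style. Since the switch has a single `case`, a plain `if (cmd == EVP_PKEY_CTRL_MD) return EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, p2);` would be both shorter and consistent with the surrounding code; if more PSS keygen controls are expected to follow, keep the switch but fix its indentation.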
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index da0fd4a6eb..6ca4f3a541 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -902,6 +902,70 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int 
*pad_mode)
 
 }
 
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+const char *name;
+
+if (ctx == NULL || md == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+/* Uses the same return values as EVP_PKEY_CTX_ctrl */
+return -2;
+}
+
+/* If key type not RSA return error */
+if (ctx->pmeth != NULL
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+return -1;
+
+/* TODO(3.0): Remove this eventually when no more legacy */
+if (ctx->op.keymgmt.genctx == NULL)
+return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_MD, 0, (void *)md);
+
+name = EVP_MD_name(md);
+
+return EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(ctx, name, NULL);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+const char *mdname,
+const char *mdprops)
+{
+OSSL_PARAM rsa_params[3], *p = rsa_params;
+
+if (ctx == NULL || mdname == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+/* Uses the same return values as EVP_PKEY_CTX_ctrl */
+return -2;
+}
+
+/* If key type not RSA return error */
+if (ctx->pmeth != NULL
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
+&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+return -1;
+
+
+*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST,
+/*
+ * Cast away the const. This is 
read
+ * only so should be safe
+ */
+(char *)mdname, 0);
+if (mdprops != NULL) {
+*p++ = OSSL_PARAM_construct_utf8_string(
+OSSL_PKEY_PARAM_RSA_DIGEST_PROPS,
+/*
+ * Cast away the const. This is read only so should be safe
+ */
+(char *)mdprops, 0);
+}
+*p++ = OSSL_PARAM_construct_end();
+
+return EVP_PKEY_CTX_set_params(ctx, rsa_params);
+}
+
 int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
 const char *name;
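Review bot: the key-type guard in the new EVP_PKEY_CTX_set_rsa_pss_keygen_md() admits both EVP_PKEY_RSA and EVP_PKEY_RSA_PSS contexts, yet the legacy fallback two statements later calls `EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, ...)` with the key type pinned to EVP_PKEY_RSA_PSS, which is inconsistent with the guard that just let an EVP_PKEY_RSA context through. Decide whether a PSS keygen digest is meaningful for a plain RSA context at all; if not, drop EVP_PKEY_RSA from the guard in both new functions, and either way update the two `/* If key type not RSA return error */` comments, which no longer describe the condition they sit on. The NULL-argument path raises EVP_R_COMMAND_NOT_SUPPORTED, which misdescribes a NULL `ctx` or `md`; ERR_R_PASSED_NULL_PARAMETER would be more accurate, and the two copies of the `(char *)` cast comment could be reduced to one by sharing the OSSL_PARAM construction between the two functions.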
@@ -1332,7 +1396,8 @@ int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, 
int bits)
 }
 
 /* If key type not RSA return error */
-if (ctx->pmeth !

[openssl] master update

2021-01-28 Thread patrick . steuer
The branch master has been updated
   via  d744934b756bc71344818a2cb60b13dd89954afb (commit)
   via  270a5ce1d9ea579a2f1d45887971582b1ef2b6a1 (commit)
  from  732a4d15b0da7c04437ea828b2915a691b6e38db (commit)


- Log -
commit d744934b756bc71344818a2cb60b13dd89954afb
Author: Juergen Christ 
Date:   Tue Jan 26 17:06:54 2021 +0100

Remove superfluous EVP_KDF_CTRL_ defines.

These defines were never used and not needed.

Signed-off-by: Juergen Christ 

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Patrick Steuer 
(Merged from https://github.com/openssl/openssl/pull/13781)

commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1
Author: Juergen Christ 
Date:   Mon Dec 14 17:36:22 2020 +0100

Fix parameter types in sshkdf

Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters.  This caused endianness problems on big-endian machines.  As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer.  While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86).  Change the
parameter to char array and fix the usages.

Signed-off-by: Juergen Christ 

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Patrick Steuer 
(Merged from https://github.com/openssl/openssl/pull/13781)

---

Summary of changes:
 doc/man7/EVP_KDF-SSHKDF.pod | 21 +-
 doc/man7/provider-kdf.pod   |  2 +-
 include/openssl/kdf.h   | 39 +++--
 providers/fips/self_test_data.inc   |  4 ++--
 providers/implementations/kdfs/sshkdf.c | 12 +-
 test/evp_kdf_test.c |  4 ++--
 6 files changed, 31 insertions(+), 51 deletions(-)

diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index 454bb6b699..2b2f0cc227 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -41,9 +41,9 @@ These parameters work as described in 
L.
 These parameters set the respective values for the KDF.
 If a value is already set, the contents are replaced.
 
-=item "type" (B) 
+=item "type" (B) 
 
-This parameter sets the type for the SSHHKDF operation.
+This parameter sets the type for the SSHKDF operation.
 There are six supported types:
 
 =over 4
@@ -51,32 +51,32 @@ There are six supported types:
 =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
 
 The Initial IV from client to server.
-A single char of value 65 (ASCII char 'A').
+Char array initializer of value {65, 0}, i.e., ASCII string "A".
 
 =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
 
 The Initial IV from server to client
-A single char of value 66 (ASCII char 'B').
+Char array initializer of value {66, 0}, i.e., ASCII string "B".
 
 =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
 
 The Encryption Key from client to server
-A single char of value 67 (ASCII char 'C').
+Char array initializer of value {67, 0}, i.e., ASCII string "C".
 
 =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
 
 The Encryption Key from server to client
-A single char of value 68 (ASCII char 'D').
+Char array initializer of value {68, 0}, i.e., ASCII string "D".
 
 =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
 
 The Integrity Key from client to server
-A single char of value 69 (ASCII char 'E').
+Char array initializer of value {69, 0}, i.e., ASCII string "E".
 
 =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
 
 The Integrity Key from client to server
-A single char of value 70 (ASCII char 'F').
+Char array initializer of value {70, 0}, i.e., ASCII string "F".
 
 =back
 
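Review bot: the last `=item` in this hunk, EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI, still describes itself as "The Integrity Key from client to server" in the unchanged context line; since every description in the list is being edited anyway, fix it to "from server to client" here. The rewritten lines also switch from describing a value to describing a C initializer ("Char array initializer of value {65, 0}"), which only makes sense to a reader who knows the macro expands to a string literal; saying 'the NUL-terminated string "A"' would read better in a man page and still tell the C programmer what to pass.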
@@ -103,6 +103,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K 
"key" and appropriate
 
  EVP_KDF *kdf;
  EVP_KDF_CTX *kctx;
+ const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
  unsigned char key[1024] = "01234...";
  unsigned char xcghash[32] = "012345...";
  unsigned char session_id[32] = "012345...";
@@ -122,8 +123,8 @@ This example derives an 8 byte IV using SHA-256 with a 1K 
"key" and appropriate
   xcghash, (size_t)32);
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
   session_id, (size_t)32);
- *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
- EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
+ type, sizeof(type));
  *p = OSSL_PARAM_construct_end();
  if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
  /* Error */
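Review bot: `sizeof(type)` in the new `OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, type, sizeof(type))` is 2, so the example advertises a two-byte buffer for a one-character type string and the provider has to tolerate the trailing NUL. Either document that the length includes the terminator, or pass 0 so the constructor derives the length from the string itself, as the `(char *)mdname, 0` call in the rsa_lib.c change elsewhere in this digest does; whichever form is chosen, the man-page example should match what sshkdf.c actually accepts, since readers copy these examples verbatim.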
diff --git a/doc/man7/provider-kdf.pod b/doc/man7/provide

[openssl] master update

2021-01-28 Thread patrick . steuer
The branch master has been updated
   via  732a4d15b0da7c04437ea828b2915a691b6e38db (commit)
  from  199df4a93f74617612abd9419ad6cf00d9c34bc3 (commit)


- Log -
commit 732a4d15b0da7c04437ea828b2915a691b6e38db
Author: Juergen Christ 
Date:   Wed Jan 27 11:04:52 2021 +0100

Fix cipher reinit on s390x if no key is specified

If key==null on EVP_CipherInit_ex, the init functions for the hardware
implementation are not called.  The s390x implementation of OFB and CFB mode
used the init function to copy the IV into the hardware causing test failures
on cipher reinit.  Fix this by moving the copy operation into the cipher
operation.

Signed-off-by: Juergen Christ 

Reviewed-by: Tomas Mraz 
Reviewed-by: Patrick Steuer 
(Merged from https://github.com/openssl/openssl/pull/13984)

---

Summary of changes:
 providers/implementations/ciphers/cipher_aes_hw_s390x.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc 
b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index ff88673f14..e0cc6a604c 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -55,7 +55,6 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 {
 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 adat->plat.s390x.fc = S390X_AES_FC(keylen);
 adat->plat.s390x.res = 0;
@@ -69,6 +68,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
 int n = adat->plat.s390x.res;
 int rem;
 
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 while (n && len) {
 *out = *in ^ adat->plat.s390x.param.kmo_kmf.cv[n];
 n = (n + 1) & 0xf;
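Review bot: moving `memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen)` to the top of s390x_aes_ofb128_cipher_hw() makes dat->iv the only chaining state that survives between calls, so the residue path `while (n && len)` reading `cv[n]` is correct only if every exit of this function copies cv back into dat->iv (the cfb8 variant further down shows that write-back explicitly; for ofb128 and cfb128 it lies outside the hunks and should be confirmed). The copy also becomes a per-call cost that is a no-op in the steady state; a comment saying why it is here (the init hook is skipped when EVP_CipherInit_ex() is called with key == NULL) would stop someone from "optimising" it away later and reintroducing the reinit bug.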
@@ -115,7 +115,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
 adat->plat.s390x.fc |= S390X_DECRYPT;
 
 adat->plat.s390x.res = 0;
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }
@@ -128,6 +127,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
 int rem;
 unsigned char tmp;
 
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 while (n && len) {
 tmp = *in;
 *out = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
@@ -177,7 +177,6 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
 if (!dat->enc)
 adat->plat.s390x.fc |= S390X_DECRYPT;
 
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }
@@ -187,6 +186,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
 {
 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
 
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 s390x_kmf(in, len, out, adat->plat.s390x.fc,
   &adat->plat.s390x.param.kmo_kmf);
 memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);


[openssl] master update

2021-01-28 Thread dev
The branch master has been updated
   via  199df4a93f74617612abd9419ad6cf00d9c34bc3 (commit)
   via  03f5c8930c0c04ab0c9b7d243b893db234e494b2 (commit)
   via  26a44ad04b2c6dfca8d3bc445840e2d52531e178 (commit)
  from  302e63cbe5176d42422934a3b3e9ada8fd66 (commit)


- Log -
commit 199df4a93f74617612abd9419ad6cf00d9c34bc3
Author: Dr. David von Oheimb 
Date:   Tue Jan 26 11:53:15 2021 +0100

check_sig_alg_match(): weaken sig nid comparison to allow RSA{,PSS} key verify RSA-PSS

This is an upstream fix for #13931

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13968)

commit 03f5c8930c0c04ab0c9b7d243b893db234e494b2
Author: Dr. David von Oheimb 
Date:   Wed Jan 27 10:30:58 2021 +0100

Fix rsa_pss_asn1_meth to refer to rsa_sig_info_set

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13968)

commit 26a44ad04b2c6dfca8d3bc445840e2d52531e178
Author: Dr. David von Oheimb 
Date:   Wed Jan 27 10:30:03 2021 +0100

obj_xref: rsassaPss must map to 'undef rsassaPss' (not 'undef rsaEncryption')

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13968)

---

Summary of changes:
 crypto/objects/obj_xref.h   |  2 +-
 crypto/objects/obj_xref.txt |  2 +-
 crypto/rsa/rsa_ameth.c  |  2 +-
 crypto/x509/v3_purp.c   | 18 ++
 test/certs/ca-pss-cert.pem  | 21 +
 test/certs/ca-pss-key.pem   | 28 
 test/certs/ee-pss-cert.pem  | 21 +
 test/certs/ee-pss-wrong1.5-cert.pem | 19 +++
 test/certs/mkcert.sh| 22 +-
 test/certs/setup.sh | 15 +++
 test/recipes/25-test_verify.t   |  7 ++-
 11 files changed, 136 insertions(+), 21 deletions(-)
 create mode 100644 test/certs/ca-pss-cert.pem
 create mode 100644 test/certs/ca-pss-key.pem
 create mode 100644 test/certs/ee-pss-cert.pem
 create mode 100644 test/certs/ee-pss-wrong1.5-cert.pem

diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 0f8a05652e..21a193ee98 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -53,7 +53,7 @@ static const nid_triple sigoid_srt[] = {
  NID_id_GostR3410_94_cc},
 {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94,
  NID_id_GostR3410_2001_cc},
-{NID_rsassaPss, NID_undef, NID_rsaEncryption},
+{NID_rsassaPss, NID_undef, NID_rsassaPss},
 {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
 {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
 {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
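Review bot: changing the third column of the NID_rsassaPss entry from NID_rsaEncryption to NID_rsassaPss alters what OBJ_find_sigid_algs() reports as the key algorithm for PSS signatures, so every caller that compared that result against an RSA key's base id needs revisiting, not only check_sig_alg_match(); the 1.1.1 backport earlier in this digest leans on the old mapping and must not be forward-ported verbatim. obj_xref.h is the generated counterpart of obj_xref.txt, so the two edits in this commit have to stay in lockstep; a sentence in the commit message saying the header was regenerated rather than hand-edited would reassure the reader.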
diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt
index f3dd8ed318..2a61d4db59 100644
--- a/crypto/objects/obj_xref.txt
+++ b/crypto/objects/obj_xref.txt
@@ -20,7 +20,7 @@ RSA_SHA3_512  sha3_512 rsaEncryption
 # For PSS the digest algorithm can vary and depends on the included
 # AlgorithmIdentifier. The digest "undef" indicates the public key
 # method should handle this explicitly.
-rsassaPss  undef   rsaEncryption
+rsassaPss  undef   rsassaPss
 ED25519undef   ED25519
 ED448  undef   ED448
 
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 43c9d046d2..852facf577 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1108,7 +1108,7 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
  0, 0,
  rsa_item_verify,
  rsa_item_sign,
- 0,
+ rsa_sig_info_set,
  rsa_pkey_check,
 
  0, 0,
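Review bot: the commit message ("Fix rsa_pss_asn1_meth to refer to rsa_sig_info_set") says what the one-line change is but not what was broken: it should state what callers observed for a PSS-signed certificate while this slot of rsa_pss_asn1_meth was 0. A test that asserts the signature information reported for such a certificate (digest and algorithm, at least) would make the fix verifiable and catch a regression if the slot is ever cleared again.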
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index e8aa941a45..3226d6838f 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -362,18 +362,20 @@ static int setup_crldp(X509 *x)
 }
 
 /* Check that issuer public key algorithm matches subject signature algorithm 
*/
-static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
+static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject)
 {
-int pkey_nid;
+int signer_nid, subj_sig_nid;
 
-if (pkey == NULL)
+if (issuer_key == NULL)
 return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+signer_nid = EVP_PKEY_base_id(issuer_key);
 if 
(OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
-NULL, &pkey_nid) == 0)
-return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
-if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
-return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
-return X509_V_OK;
+NULL, &subj_sig_nid) == 0)
+ return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
+
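Review bot: the function comment retained above this hunk ("Check that issuer public key algorithm matches subject signature algorithm") now contradicts the commit title, which says the comparison is weakened so that an RSA or RSA-PSS key may verify an RSA-PSS signature; update the comment to spell out the accepted combinations, and mention that a PSS key is still refused for a PKCS#1 v1.5 signature, which is what the new test/certs/ee-pss-wrong1.5-cert.pem in the summary of changes appears to cover. Renaming `pkey` to `issuer_key` and splitting the NIDs into `signer_nid` and `subj_sig_nid` reads much better than the previous version.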

[web] master update

2021-01-28 Thread Richard Levitte
The branch master has been updated
   via  15c3d9188ef04d9d3d4b98088d641163390a5e03 (commit)
  from  ea1add5b56b63293c22ed6e374f13c9e8a56aa90 (commit)


- Log -
commit 15c3d9188ef04d9d3d4b98088d641163390a5e03
Author: Richard Levitte 
Date:   Thu Jan 28 14:21:50 2021 +0100

Add newsflash about the release of OpenSSL 3.0 alpha11

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/web/pull/216)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 1d842c7..176275b 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and 
test it
 07-Jan-2021: Alpha 10 of OpenSSL 3.0 is now available: please download and 
test it
 08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes
 26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test 
it


[openssl] openssl-3.0.0-alpha11 create

2021-01-28 Thread Richard Levitte
The annotated tag openssl-3.0.0-alpha11 has been created
at  8ec1e7c79f7c0e2a6e1aebdff08584f9004a1100 (tag)
   tagging  31a89254d8225bab5c33be88e08296786da6af6a (commit)
  replaces  openssl-3.0.0-alpha10
 tagged by  Richard Levitte
on  Thu Jan 28 14:08:09 2021 +0100

- Log -
OpenSSL 3.0.0-alpha11 release tag
-BEGIN PGP SIGNATURE-

iF0EABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYBK3OgAKCRCnr5549wlF
O9SFAKCn1YMnaGH8wvIxZtTd4KXg9JNl5gCgoWt69D3J+AfqN1y8BiVpPQh4uOE=
=51Cm
-END PGP SIGNATURE-

Agustin Gianni (1):
  Fix incorrect use of BN_CTX API

Billy Brumley (1):
  [crypto/dh] side channel hardening for computing DH shared keys

Daiki Ueno (1):
  params: OSSL_PARAM_utf8_ptr: don't automatically reference `address`

Daniel Bevenius (2):
  Correct typo in rsa_oaep.c
  Fix typo in thread_once comments

David Carlier (2):
  OPENSSL_cpuid_setup FreeBSD PowerPC update
  OPENSSL_cpuid_setup FreeBSD arm update.

Dmitry Belyavskiy (1):
  Skip BOM when reading the config file

Dr. David von Oheimb (58):
  apps.c: Fix crash in case uri arg of IS_HTTP or IS_HTTPS is NULL
  apps/pkey.c: Make clear that -passout is not supported for DER output
  apps/pkey.c: Re-order help output and option documentation
  apps/pkey.c: Further improve user guidance, also on non-sensical option combinations
  APPS: Fix confusion between program and app/command name used in diagnostic/help output
  APPS: Print help also on -h and --h; print high-level help when no cmd given
  Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1
  TEST: move cert, key, and CSR loading aux functions to new testutil/load.c
  Make PEM_X509_INFO_read_bio_ex() conservative on the error queue
  x509_vfy.c: Fix a regression in find_issuer()
  d2i_X509(): Make deallocation behavior consistent with d2i_X509_AUX()
  X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed due to invalid cert
  apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by default
  APPS: Allow OPENSSL_CONF to be empty, not loading a config file
  apps/req.c: add -CA and -CAkey options; improve code and doc
  Add tests for (non-)default SKID and AKID inclusion by apps/{req,x509,ca}.c
  apps/lib/opt.c: Fix error message on unknown option/digest
  X509_PUBKEY_set(): Fix error reporting
  apps/req.c: make -subj work with -x509; clean up related code
  Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert
  apps/req.c: Add -copy_extensions option for use with -x509; default: none
  crypto/x509: Rename v3_{skey,skid}.c, v3_{akey,akid}.c, v3_{alt,san}.c
  apps/req.c: Cosmetic improvements of code and documentation
  apps/req.c: Make sure -verify option takes effect also with -x509
  x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST
  find_issuer(): When returning an expired issuer, take the most recently expired one
  X509V3_EXT_CRL_add_nconf(): Fix mem leak on error and simplify it
  bio_lib.c: Fix error queue entries and return codes on NULL args etc.
  replace all BIO_R_NULL_PARAMETER by ERR_R_PASSED_NULL_PARAMETER
  util/check-format.pl: Minor improvements of whitespace checks
  x509_vfy.c: Rename CHECK_CB() to the more intuitively readable CB_FAIL_IF()
  make various test CA certs RFC 5280 compliant w.r.t. X509 extensions
  ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input
  X509: Enable printing cert even with invalid validity times, saying 'Bad time value'
  25-test_x509.t: Minor update: do not anymore unlink test output files
  25-test_x509.t: Minor update: factor out path for test input files
  25-test_x509.t: Make test case w.r.t. self-issued cert run also without EC enabled
  apps/x509.c: Take the -signkey arg as default pubkey with -new
  apps/x509.c: Major code, user guidance, and documentation cleanup
  constify X509_REQ_add_extensions() and X509_REQ_add_extensions_nid()
  X509_REQ_print_ex(): Replace weird 'a0:00' output on empty attributes by '(none)'
  X509_REQ_print_ex(): Correct indentation of extensions, which are attributes
  apps.c: Clean up copy_extensions()
  80-test_ssl_old.t: Minor corrections: update name of test dir etc.
  apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req
  apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
  X509v3_get_ext_by_NID.pod: Add warning on counter-intuitive behavior of X509v3_delete_ext() etc.
  apps/cmp.c: Improve diagnostics on loading private vs. public key for cert request
  apps/cmp.c: Check self-signature on CSR input and warn on failure
  X509_REQ_get_extensions(): Return empty stack if no extensions found
  CM

[openssl] master update

2021-01-28 Thread Richard Levitte
The branch master has been updated
   via  302e63cbe5176d42422934a3b3e9ada8fd66 (commit)
   via  31a89254d8225bab5c33be88e08296786da6af6a (commit)
  from  4333b89f504e7a8de9c42a0d27f68530b5301848 (commit)


- Log -
commit 302e63cbe5176d42422934a3b3e9ada8fd66
Author: Richard Levitte 
Date:   Thu Jan 28 14:08:31 2021 +0100

Prepare for 3.0 alpha 12

Reviewed-by: Tomas Mraz 

commit 31a89254d8225bab5c33be88e08296786da6af6a
Author: Richard Levitte 
Date:   Thu Jan 28 14:07:51 2021 +0100

Prepare for release of 3.0 alpha 11

Reviewed-by: Tomas Mraz 

---

Summary of changes:
 VERSION.dat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.dat b/VERSION.dat
index 9956ebb7e7..a39467470d 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
 PATCH=0
-PRE_RELEASE_TAG=alpha11-dev
+PRE_RELEASE_TAG=alpha12-dev
 BUILD_METADATA=
 RELEASE_DATE=""
 SHLIB_VERSION=3


Build completed: openssl master.39424

2021-01-28 Thread AppVeyor


Build openssl master.39424 completed



Commit 446d466f09 by Dr. David von Oheimb on 1/28/2021 9:06 AM:

fixup! tls_process_{client,server}_certificate(): allow verify_callback return > 1





[openssl] master update

2021-01-28 Thread Richard Levitte
The branch master has been updated
   via  92bc61e467a2078438ce50ddda70a6afe6cf23df (commit)
  from  5ac632eed7767b377e0b18f73084f95011c2ca34 (commit)


- Log -
commit 92bc61e467a2078438ce50ddda70a6afe6cf23df
Author: Richard Levitte 
Date:   Thu Jan 28 10:53:30 2021 +0100

Update NEWS.md before alpha11 release

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/13996)

---

Summary of changes:
 NEWS.md | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 01f9563b1d..2028847247 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,11 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
-  * Deprecated the `DSA_` functions.
+  * Deprecated the `OCSP_REQ_CTX` type and functions.
+  * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions.
+  * Deprecated the `RSA` and `RSA_METHOD` types and functions.
+  * Deprecated the `DSA` and `DSA_METHOD` types and functions.
+  * Deprecated the `DH` and `DH_METHOD` types and functions.
   * Deprecated the `ERR_load_` functions.
   * Remove the `RAND_DRBG` API.
   * Deprecated the `ENGINE` API.
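Review bot: the five new bullets all read "Deprecated the ... types and functions", which is consistent, but the unchanged neighbour "Remove the `RAND_DRBG` API." is the only entry in this list not in the past tense; since the hunk is already rewriting the list, change it to "Removed" so the section reads uniformly. It is also worth a sentence in the commit message that the single "Deprecated the `DSA_` functions" bullet is being replaced rather than dropped, so nobody reading the history thinks the DSA deprecation was reverted.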


Build failed: openssl master.39423

2021-01-28 Thread AppVeyor



Build openssl master.39423 failed


Commit 9e309542ba by Richard Levitte on 1/28/2021 8:00 AM:

X509: Refactor X509_PUBKEY processing to include provider side keys





[openssl] master update

2021-01-28 Thread Richard Levitte
The branch master has been updated
   via  5ac632eed7767b377e0b18f73084f95011c2ca34 (commit)
  from  b1eae34bbe546062c44d26882092fe9db96306d3 (commit)


- Log -
commit 5ac632eed7767b377e0b18f73084f95011c2ca34
Author: Richard Levitte 
Date:   Wed Jan 27 19:45:51 2021 +0100

APPS: Restore inclusions

An '#include ' was mistakenly removed from apps/ec.c and
apps/ecparam.c

Fixes #13986

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/13989)

---

Summary of changes:
 apps/ec.c  | 1 +
 apps/ecparam.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apps/ec.c b/apps/ec.c
index 109e3eaeeb..b6bfd2c523 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include 
 #include 
 #include 
 #include 
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 505868eb18..9b9deee562 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -8,6 +8,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include 
 #include 
 #include 
 #include