[web] master update
The branch master has been updated via 08d5ca8ee5e497a78944ceacd9df305d1773a811 (commit) from bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) - Log - commit 08d5ca8ee5e497a78944ceacd9df305d1773a811 Author: Randall S. Becker Date: Thu Oct 21 10:41:22 2021 -0400 Add NonStop OSS platform community maintainer. GUARDIAN builds are left as unadopted. Signed-off-by: Randall S. Becker --- Summary of changes: policies/platformpolicy.html | 260 --- 1 file changed, 143 insertions(+), 117 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index e73dcb3..3713e0b 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -275,6 +275,149 @@ @levitte + +nonstop-nsx + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_put + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_64 + +NonStop OSS L19.08 + +x86_64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nsx_64_put + +NonStop OSS L19.08 + +x86_64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt + +NonStop OSS L19.08 + +x86_64 ilp32 SPT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt_floss + +NonStop OSS L19.08 + +x86_64 ilp32 SPT FLOSS + +c99 + +@rsbeckerca + + +nonstop-nsv + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse + +NonStop OSS J06.22 + +ia64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse_put + +NonStop OSS J06.22 + +ia64 ilp32 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_64 + +NonStop OSS J06.22 + +ia64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nse_64_put + +NonStop OSS J06.22 + +ia64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_spt + +NonStop OSS J06.22 + +ia64 ipl32 SPT + +c99 + +@rsbeckerca + + +nonstop-nse_spt_floss + +NonStop OSS J06.22 + +ia64 ipl32 SPT FLOSS + +c99 + +@rsbeckerca +
[openssl] master update
The branch master has been updated via 251e941283f554f0dc4b315e3a8fb82ef5b71982 (commit) from d92c696d82b2da62d6fb71942645315e307a (commit) - Log - commit 251e941283f554f0dc4b315e3a8fb82ef5b71982 Author: Dr. David von Oheimb Date: Wed Oct 20 12:44:51 2021 +0200 APPS/req.c: Make -reqexts option an alias of -extensions option This simplifies code, doc, and use. Fixes issue ignoring one or the other. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16865) --- Summary of changes: apps/req.c | 83 - doc/man1/openssl-req.pod.in | 30 2 files changed, 46 insertions(+), 67 deletions(-) diff --git a/apps/req.c b/apps/req.c index aac972e29b..84ea9baeff 100644 --- a/apps/req.c +++ b/apps/req.c @@ -89,8 +89,8 @@ typedef enum OPTION_choice { OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, OPT_CA, OPT_CAKEY, OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, -OPT_COPY_EXTENSIONS, OPT_ADDEXT, OPT_EXTENSIONS, -OPT_REQEXTS, OPT_PRECERT, OPT_MD, +OPT_COPY_EXTENSIONS, OPT_EXTENSIONS, OPT_REQEXTS, OPT_ADDEXT, +OPT_PRECERT, OPT_MD, OPT_SECTION, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; @@ -130,12 +130,11 @@ const OPTIONS req_options[] = { {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"copy_extensions", OPT_COPY_EXTENSIONS, 's', "copy extensions from request when using -x509"}, +{"extensions", OPT_EXTENSIONS, 's', + "Cert or request extension section (override value in config file)"}, +{"reqexts", OPT_REQEXTS, 's', "An alias for -extensions"}, {"addext", OPT_ADDEXT, 's', "Additional cert extension key=value pair (may be given more than once)"}, -{"extensions", OPT_EXTENSIONS, 's', - "Cert extension section (override value in config file)"}, -{"reqexts", OPT_REQEXTS, 's', - "Request extension section (override value in config file)"}, {"precert", OPT_PRECERT, '-', "Add a poison extension to generated cert (implies -new)"}, OPT_SECTION("Keys and Signing"), @@ -245,13 +244,13 @@ int req_main(int argc, char **argv) EVP_MD *md = NULL; int ext_copy = EXT_COPY_UNSET; BIO *addext_bio = NULL; -char *extensions = NULL; +char *extsect = NULL; const char *infile = NULL, *CAfile = NULL, *CAkeyfile = NULL; char *outfile = NULL, *keyfile = NULL, *digest = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; char *nofree_passin = NULL, *nofree_passout = NULL; -char *req_exts = NULL, *subj = NULL; +char *subj = NULL; X509_NAME *fsubj = NULL; char *template = default_config_file, *keyout = NULL; const char *keyalg = NULL; @@ -444,6 +443,10 @@ int req_main(int argc, char **argv) goto end; } break; +case OPT_EXTENSIONS: +case OPT_REQEXTS: +extsect = opt_arg(); +break; case OPT_ADDEXT: p = opt_arg(); if (addexts == NULL) { @@ -454,18 +457,12 @@ int req_main(int argc, char **argv) } i = duplicated(addexts, p); if (i == 1) { -BIO_printf(bio_err, "Duplicate extension: %s\n", p); +BIO_printf(bio_err, "Duplicate extension name: %s\n", p); goto opthelp; } if (i < 0 || BIO_printf(addext_bio, "%s\n", p) < 0) goto end; break; -case OPT_EXTENSIONS: -extensions = opt_arg(); -break; -case OPT_REQEXTS: -req_exts = opt_arg(); -break; case OPT_PRECERT: newreq = precert = 1; break; @@ -550,21 +547,22 @@ int req_main(int argc, char **argv) digest = p; } -if (extensions == NULL) { -extensions = NCONF_get_string(req_conf, section, V3_EXTENSIONS); -if (extensions == NULL) +if (extsect == NULL) { +extsect = NCONF_get_string(req_conf, section, + gen_x509 ? V3_EXTENSIONS : REQ_EXTENSIONS); +if (extsect == NULL) ERR_clear_error(); } -if (extensions != NULL) { -/* Check syntax of file */ +if (extsect != NULL) { +/* Check syntax of extension section in config file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, req_conf); -if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { +if (!X509V3_EXT_add_nconf(req_conf, &ctx, extsect, NULL)) { BIO_printf(bio_err, - "Error checking x509 extension section %s\n", -
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 04b0646950449e2e0eaa40427a9d0e0040b028dc (commit) from 52d762961f1f873bbcaa7fba113587edd149b7df (commit) - Log - commit 04b0646950449e2e0eaa40427a9d0e0040b028dc Author: Tomas Mraz Date: Wed Oct 20 13:33:27 2021 +0200 Add missing define to enable AES-NI usage on x86 platform Fixes #16858 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16866) (cherry picked from commit d92c696d82b2da62d6fb71942645315e307a) --- Summary of changes: crypto/aes/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 0b9f499ee6..af362bcf62 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -5,7 +5,7 @@ IF[{- !$disabled{asm} -}] $AESASM_x86=aes-586.s $AESDEF_x86=AES_ASM $AESASM_x86_sse2=vpaes-x86.s aesni-x86.s - $AESDEF_x86_sse2=VPAES_ASM + $AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2 $AESASM_x86_64=\ aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s \
[openssl] master update
The branch master has been updated via d92c696d82b2da62d6fb71942645315e307a (commit) from 10343fa52731c6a66a761b578d2aa37a364083c8 (commit) - Log - commit d92c696d82b2da62d6fb71942645315e307a Author: Tomas Mraz Date: Wed Oct 20 13:33:27 2021 +0200 Add missing define to enable AES-NI usage on x86 platform Fixes #16858 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16866) --- Summary of changes: crypto/aes/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 8a940fcedd..085beb3efb 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -5,7 +5,7 @@ IF[{- !$disabled{asm} -}] $AESASM_x86=aes-586.s $AESDEF_x86=AES_ASM $AESASM_x86_sse2=vpaes-x86.s aesni-x86.s - $AESDEF_x86_sse2=VPAES_ASM + $AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2 $AESASM_x86_64=\ aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s \
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 69211b0fce408537bdfec7dd4cc5814b3c4eda8c (commit) via 3ce10cc8037bb8cdd1b1f383110d76f922b35808 (commit) from 2f8b8045e6b9a7780873c28c569a8a6388e11306 (commit) - Log - commit 69211b0fce408537bdfec7dd4cc5814b3c4eda8c Author: Matt Caswell Date: Fri Oct 15 16:30:45 2021 +0100 Add tests for ENGINE problems Add some tests which would have caught the issues fixed in the previous commit related to engine handling. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16860) commit 3ce10cc8037bb8cdd1b1f383110d76f922b35808 Author: Matt Caswell Date: Fri Oct 15 16:23:31 2021 +0100 Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16860) --- Summary of changes: crypto/evp/p_lib.c| 9 ++- test/evp_extra_test.c | 169 +- 2 files changed, 175 insertions(+), 3 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9f1a485a5b..7e262c573b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -212,10 +212,15 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, } if (pkey) { pkey->ameth = ameth; -pkey->engine = e; - pkey->type = pkey->ameth->pkey_id; pkey->save_type = type; +# ifndef OPENSSL_NO_ENGINE +if (eptr == NULL && e != NULL && !ENGINE_init(e)) { +EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR); +return 0; +} +# endif +pkey->engine = e; } return 1; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 3eea4b0fba..74b7e0bcb8 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -19,6 +20,7 @@ #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "crypto/evp.h" @@ -1758,10 +1760,166 @@ static int test_EVP_PKEY_set1_DH(void) return ret; } -#endif +#endif /* OPENSSL_NO_DH */ + +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +/* Test we can create a signature keys with an associated ENGINE */ +static int test_signatures_with_engine(int tst) +{ +ENGINE *e; +const char *engine_id = "dasync"; +EVP_PKEY *pkey = NULL; +const unsigned char badcmackey[] = { 0x00, 0x01 }; +const unsigned char cmackey[] = { +0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, +0x0c, 0x0d, 0x0e, 0x0f +}; +const unsigned char ed25519key[] = { +0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, +0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; +const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; +int testresult = 0; +EVP_MD_CTX *ctx = NULL; +unsigned char *mac = NULL; +size_t maclen = 0; +int ret; + +if (!TEST_ptr(e = ENGINE_by_id(engine_id))) +return 0; + +if (!TEST_true(ENGINE_init(e))) { +ENGINE_free(e); +return 0; +} + +switch (tst) { +case 0: +pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), + EVP_aes_128_cbc()); +break; +case 1: +pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), + EVP_aes_128_cbc()); +break; +case 2: +pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, +sizeof(ed25519key)); +break; +default: +TEST_error("Invalid test case"); +goto err; +} +if (tst == 1) { +/* + * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if the + * key is bad. In later versions this isn't detected until later. + */ +if (!TEST_ptr_null(pkey)) +goto err; +} else { +if (!TEST_ptr(pkey)) +goto err; +} + +if (tst == 0 || tst == 1) { +/* + * We stop the test here for tests 0 and 1. The dasync engine doesn't + * actually support CMAC in 1.1.1. + */ +testresult = 1; +goto err; +} + +if (!TEST_ptr(ctx = EVP_MD_CTX_new())) +goto err; + +ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, + pkey); +if (tst == 0) { +if (!TEST_true(ret)) +got
[web] master update
The branch master has been updated via bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) from 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) - Log - commit bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 Author: Richard Levitte Date: Thu Oct 21 10:14:29 2021 +0200 Remove duplicated toolchain --- Summary of changes: policies/platformpolicy.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index 00201af..e73dcb3 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -225,8 +225,6 @@ VSI C 7.4 (64 bit pointer build) -VSI C 7.4 - @levitte
[web] master update
The branch master has been updated via 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) from 4ed858ce02d41753b78629e0b908660593f082b6 (commit) - Log - commit 6209ad7fe143d48712822e7ce0e592d870f168b0 Author: Richard Levitte Date: Wed Oct 20 10:19:11 2021 +0200 Update the details of VMS support Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/269) --- Summary of changes: policies/platformpolicy.html | 132 +-- 1 file changed, 76 insertions(+), 56 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index be1b00f..00201af 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -193,13 +193,87 @@ Nominated Community Member(s) -vms-ia64? +vms-alpha + +OpenVMS 8.4 + +alpha + +VSI C 7.4 + +@levitte + + +vms-alpha-p32 OpenVMS 8.4 +alpha + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-alpha-p64 + +OpenVMS 8.4 + +alpha + +VSI C 7.4 +(64 bit pointer build) + +VSI C 7.4 + +@levitte + + +vms-ia64 + +OpenVMS 8.4 8.4 + ia64 -?? +VSI C 7.4 + +@levitte + + +vms-ia64-p32 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-ia64-p64 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(64 bit pointer build) + +@levitte + + +vms-x86_64 + +OpenVMS 8.4 + +x86_64 + +VSI C X7.4 +(cross compile on ia64, +currently build only) @levitte @@ -1073,60 +1147,6 @@ gcc - -vms-alpha - -VMS - -alpha - -? - - -vms-alpha-p32 - -VMS - -alpha 32 bit pointers? - -? - - -vms-alpha-p64 - -VMS - -alpha 64 bit pointers? - -? - - -vms-ia64-p32 - -VMS - -ia64 32 bit pointers? - -? - - -vms-ia64-p64 - -VMS - -ia64 64 bit pointers? - -? - - -vms-x86_64 - -VMS - -x86_64 - -? - android-arm