[web] master update
The branch master has been updated via 08d5ca8ee5e497a78944ceacd9df305d1773a811 (commit) from bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) - Log - commit 08d5ca8ee5e497a78944ceacd9df305d1773a811 Author: Randall S. Becker Date: Thu Oct 21 10:41:22 2021 -0400 Add NonStop OSS platform community maintainer. GUARDIAN builds are left as unadopted. Signed-off-by: Randall S. Becker --- Summary of changes: policies/platformpolicy.html | 260 --- 1 file changed, 143 insertions(+), 117 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index e73dcb3..3713e0b 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -275,6 +275,149 @@ @levitte + +nonstop-nsx + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_put + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_64 + +NonStop OSS L19.08 + +x86_64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nsx_64_put + +NonStop OSS L19.08 + +x86_64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt + +NonStop OSS L19.08 + +x86_64 ilp32 SPT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt_floss + +NonStop OSS L19.08 + +x86_64 ilp32 SPT FLOSS + +c99 + +@rsbeckerca + + +nonstop-nsv + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse + +NonStop OSS J06.22 + +ia64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse_put + +NonStop OSS J06.22 + +ia64 ilp32 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_64 + +NonStop OSS J06.22 + +ia64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nse_64_put + +NonStop OSS J06.22 + +ia64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_spt + +NonStop OSS J06.22 + +ia64 ipl32 SPT + +c99 + +@rsbeckerca + + +nonstop-nse_spt_floss + +NonStop OSS J06.22 + +ia64 ipl32 SPT FLOSS + +c99 + +@rsbeckerca +
[openssl] master update
The branch master has been updated
via 251e941283f554f0dc4b315e3a8fb82ef5b71982 (commit)
from d92c696d82b2da62d6fb71942645315e307a (commit)
- Log -
commit 251e941283f554f0dc4b315e3a8fb82ef5b71982
Author: Dr. David von Oheimb
Date: Wed Oct 20 12:44:51 2021 +0200
APPS/req.c: Make -reqexts option an alias of -extensions option
This simplifies code, doc, and use.
Fixes issue ignoring one or the other.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16865)
---
Summary of changes:
apps/req.c | 83 -
doc/man1/openssl-req.pod.in | 30
2 files changed, 46 insertions(+), 67 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index aac972e29b..84ea9baeff 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -89,8 +89,8 @@ typedef enum OPTION_choice {
OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
OPT_CA, OPT_CAKEY,
OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL,
-OPT_COPY_EXTENSIONS, OPT_ADDEXT, OPT_EXTENSIONS,
-OPT_REQEXTS, OPT_PRECERT, OPT_MD,
+OPT_COPY_EXTENSIONS, OPT_EXTENSIONS, OPT_REQEXTS, OPT_ADDEXT,
+OPT_PRECERT, OPT_MD,
OPT_SECTION,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -130,12 +130,11 @@ const OPTIONS req_options[] = {
{"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
{"copy_extensions", OPT_COPY_EXTENSIONS, 's',
"copy extensions from request when using -x509"},
+{"extensions", OPT_EXTENSIONS, 's',
+ "Cert or request extension section (override value in config file)"},
+{"reqexts", OPT_REQEXTS, 's', "An alias for -extensions"},
{"addext", OPT_ADDEXT, 's',
"Additional cert extension key=value pair (may be given more than once)"},
-{"extensions", OPT_EXTENSIONS, 's',
- "Cert extension section (override value in config file)"},
-{"reqexts", OPT_REQEXTS, 's',
- "Request extension section (override value in config file)"},
{"precert", OPT_PRECERT, '-', "Add a poison extension to generated cert
(implies -new)"},
OPT_SECTION("Keys and Signing"),
@@ -245,13 +244,13 @@ int req_main(int argc, char **argv)
EVP_MD *md = NULL;
int ext_copy = EXT_COPY_UNSET;
BIO *addext_bio = NULL;
-char *extensions = NULL;
+char *extsect = NULL;
const char *infile = NULL, *CAfile = NULL, *CAkeyfile = NULL;
char *outfile = NULL, *keyfile = NULL, *digest = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *nofree_passin = NULL, *nofree_passout = NULL;
-char *req_exts = NULL, *subj = NULL;
+char *subj = NULL;
X509_NAME *fsubj = NULL;
char *template = default_config_file, *keyout = NULL;
const char *keyalg = NULL;
@@ -444,6 +443,10 @@ int req_main(int argc, char **argv)
goto end;
}
break;
+case OPT_EXTENSIONS:
+case OPT_REQEXTS:
+extsect = opt_arg();
+break;
case OPT_ADDEXT:
p = opt_arg();
if (addexts == NULL) {
@@ -454,18 +457,12 @@ int req_main(int argc, char **argv)
}
i = duplicated(addexts, p);
if (i == 1) {
-BIO_printf(bio_err, "Duplicate extension: %s\n", p);
+BIO_printf(bio_err, "Duplicate extension name: %s\n", p);
goto opthelp;
}
if (i < 0 || BIO_printf(addext_bio, "%s\n", p) < 0)
goto end;
break;
-case OPT_EXTENSIONS:
-extensions = opt_arg();
-break;
-case OPT_REQEXTS:
-req_exts = opt_arg();
-break;
case OPT_PRECERT:
newreq = precert = 1;
break;
@@ -550,21 +547,22 @@ int req_main(int argc, char **argv)
digest = p;
}
-if (extensions == NULL) {
-extensions = NCONF_get_string(req_conf, section, V3_EXTENSIONS);
-if (extensions == NULL)
+if (extsect == NULL) {
+extsect = NCONF_get_string(req_conf, section,
+ gen_x509 ? V3_EXTENSIONS : REQ_EXTENSIONS);
+if (extsect == NULL)
ERR_clear_error();
}
-if (extensions != NULL) {
-/* Check syntax of file */
+if (extsect != NULL) {
+/* Check syntax of extension section in config file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_nconf(&ctx, req_conf);
-if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+if (!X509V3_EXT_add_nconf(req_conf, &ctx, extsect, NULL)) {
BIO_printf(bio_err,
- "Error checking x509 extension section %s\n",
-
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated
via 04b0646950449e2e0eaa40427a9d0e0040b028dc (commit)
from 52d762961f1f873bbcaa7fba113587edd149b7df (commit)
- Log -
commit 04b0646950449e2e0eaa40427a9d0e0040b028dc
Author: Tomas Mraz
Date: Wed Oct 20 13:33:27 2021 +0200
Add missing define to enable AES-NI usage on x86 platform
Fixes #16858
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/16866)
(cherry picked from commit d92c696d82b2da62d6fb71942645315e307a)
---
Summary of changes:
crypto/aes/build.info | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/aes/build.info b/crypto/aes/build.info
index 0b9f499ee6..af362bcf62 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -5,7 +5,7 @@ IF[{- !$disabled{asm} -}]
$AESASM_x86=aes-586.s
$AESDEF_x86=AES_ASM
$AESASM_x86_sse2=vpaes-x86.s aesni-x86.s
- $AESDEF_x86_sse2=VPAES_ASM
+ $AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2
$AESASM_x86_64=\
aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s \
[openssl] master update
The branch master has been updated
via d92c696d82b2da62d6fb71942645315e307a (commit)
from 10343fa52731c6a66a761b578d2aa37a364083c8 (commit)
- Log -
commit d92c696d82b2da62d6fb71942645315e307a
Author: Tomas Mraz
Date: Wed Oct 20 13:33:27 2021 +0200
Add missing define to enable AES-NI usage on x86 platform
Fixes #16858
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/16866)
---
Summary of changes:
crypto/aes/build.info | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/aes/build.info b/crypto/aes/build.info
index 8a940fcedd..085beb3efb 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -5,7 +5,7 @@ IF[{- !$disabled{asm} -}]
$AESASM_x86=aes-586.s
$AESDEF_x86=AES_ASM
$AESASM_x86_sse2=vpaes-x86.s aesni-x86.s
- $AESDEF_x86_sse2=VPAES_ASM
+ $AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2
$AESASM_x86_64=\
aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s \
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 69211b0fce408537bdfec7dd4cc5814b3c4eda8c (commit)
via 3ce10cc8037bb8cdd1b1f383110d76f922b35808 (commit)
from 2f8b8045e6b9a7780873c28c569a8a6388e11306 (commit)
- Log -
commit 69211b0fce408537bdfec7dd4cc5814b3c4eda8c
Author: Matt Caswell
Date: Fri Oct 15 16:30:45 2021 +0100
Add tests for ENGINE problems
Add some tests which would have caught the issues fixed in the previous
commit related to engine handling.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16860)
commit 3ce10cc8037bb8cdd1b1f383110d76f922b35808
Author: Matt Caswell
Date: Fri Oct 15 16:23:31 2021 +0100
Ensure pkey_set_type handles ENGINE references correctly
pkey_set_type should not consume the ENGINE references that may be
passed to it.
Fixes #16757
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16860)
---
Summary of changes:
crypto/evp/p_lib.c| 9 ++-
test/evp_extra_test.c | 169 +-
2 files changed, 175 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 9f1a485a5b..7e262c573b 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -212,10 +212,15 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int
type, const char *str,
}
if (pkey) {
pkey->ameth = ameth;
-pkey->engine = e;
-
pkey->type = pkey->ameth->pkey_id;
pkey->save_type = type;
+# ifndef OPENSSL_NO_ENGINE
+if (eptr == NULL && e != NULL && !ENGINE_init(e)) {
+EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR);
+return 0;
+}
+# endif
+pkey->engine = e;
}
return 1;
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 3eea4b0fba..74b7e0bcb8 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -10,6 +10,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -19,6 +20,7 @@
#include
#include
#include
+#include
#include "testutil.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
@@ -1758,10 +1760,166 @@ static int test_EVP_PKEY_set1_DH(void)
return ret;
}
-#endif
+#endif /* OPENSSL_NO_DH */
+
+#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+/* Test we can create a signature keys with an associated ENGINE */
+static int test_signatures_with_engine(int tst)
+{
+ENGINE *e;
+const char *engine_id = "dasync";
+EVP_PKEY *pkey = NULL;
+const unsigned char badcmackey[] = { 0x00, 0x01 };
+const unsigned char cmackey[] = {
+0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+0x0c, 0x0d, 0x0e, 0x0f
+};
+const unsigned char ed25519key[] = {
+0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
+int testresult = 0;
+EVP_MD_CTX *ctx = NULL;
+unsigned char *mac = NULL;
+size_t maclen = 0;
+int ret;
+
+if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
+return 0;
+
+if (!TEST_true(ENGINE_init(e))) {
+ENGINE_free(e);
+return 0;
+}
+
+switch (tst) {
+case 0:
+pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
+ EVP_aes_128_cbc());
+break;
+case 1:
+pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
+ EVP_aes_128_cbc());
+break;
+case 2:
+pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
+sizeof(ed25519key));
+break;
+default:
+TEST_error("Invalid test case");
+goto err;
+}
+if (tst == 1) {
+/*
+ * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if
the
+ * key is bad. In later versions this isn't detected until later.
+ */
+if (!TEST_ptr_null(pkey))
+goto err;
+} else {
+if (!TEST_ptr(pkey))
+goto err;
+}
+
+if (tst == 0 || tst == 1) {
+/*
+ * We stop the test here for tests 0 and 1. The dasync engine doesn't
+ * actually support CMAC in 1.1.1.
+ */
+testresult = 1;
+goto err;
+}
+
+if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
+goto err;
+
+ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
+ pkey);
+if (tst == 0) {
+if (!TEST_true(ret))
+got
[web] master update
The branch master has been updated via bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) from 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) - Log - commit bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 Author: Richard Levitte Date: Thu Oct 21 10:14:29 2021 +0200 Remove duplicated toolchain --- Summary of changes: policies/platformpolicy.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index 00201af..e73dcb3 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -225,8 +225,6 @@ VSI C 7.4 (64 bit pointer build) -VSI C 7.4 - @levitte
[web] master update
The branch master has been updated via 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) from 4ed858ce02d41753b78629e0b908660593f082b6 (commit) - Log - commit 6209ad7fe143d48712822e7ce0e592d870f168b0 Author: Richard Levitte Date: Wed Oct 20 10:19:11 2021 +0200 Update the details of VMS support Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/269) --- Summary of changes: policies/platformpolicy.html | 132 +-- 1 file changed, 76 insertions(+), 56 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index be1b00f..00201af 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -193,13 +193,87 @@ Nominated Community Member(s) -vms-ia64? +vms-alpha + +OpenVMS 8.4 + +alpha + +VSI C 7.4 + +@levitte + + +vms-alpha-p32 OpenVMS 8.4 +alpha + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-alpha-p64 + +OpenVMS 8.4 + +alpha + +VSI C 7.4 +(64 bit pointer build) + +VSI C 7.4 + +@levitte + + +vms-ia64 + +OpenVMS 8.4 8.4 + ia64 -?? +VSI C 7.4 + +@levitte + + +vms-ia64-p32 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-ia64-p64 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(64 bit pointer build) + +@levitte + + +vms-x86_64 + +OpenVMS 8.4 + +x86_64 + +VSI C X7.4 +(cross compile on ia64, +currently build only) @levitte @@ -1073,60 +1147,6 @@ gcc - -vms-alpha - -VMS - -alpha - -? - - -vms-alpha-p32 - -VMS - -alpha 32 bit pointers? - -? - - -vms-alpha-p64 - -VMS - -alpha 64 bit pointers? - -? - - -vms-ia64-p32 - -VMS - -ia64 32 bit pointers? - -? - - -vms-ia64-p64 - -VMS - -ia64 64 bit pointers? - -? - - -vms-x86_64 - -VMS - -x86_64 - -? - android-arm
