[openssl/openssl] 2bd819: Change name of parameter in documentation from sig...

2022-08-04 Thread Kurt Roeckx
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 2bd8190aace8109a06aff495a3e20c863ef48653
      https://github.com/openssl/openssl/commit/2bd8190aace8109a06aff495a3e20c863ef48653
  Author: Kurt Roeckx 
  Date:   2022-08-04 (Thu, 04 Aug 2022)

  Changed paths:
M doc/man3/EVP_DigestSignInit.pod
M doc/man3/EVP_DigestVerifyInit.pod
M doc/man7/provider-signature.pod

  Log Message:
  ---
  Change name of parameter in documentation from sigret to sig

The rest of the documentation talks about sig, not sigret

Reviewed-by: Matt Caswell 
Reviewed-by: Todd Short 
Reviewed-by: Hugo Landau 
(Merged from https://github.com/openssl/openssl/pull/18943)




[web] master update

2021-10-20 Thread Kurt Roeckx
The branch master has been updated
   via  4ed858ce02d41753b78629e0b908660593f082b6 (commit)
   via  825e40e042c3eb67f7c8f865cff7f21a669f989b (commit)
  from  4d8357b7e6fb544f0a618e65d98a9206a2df05f6 (commit)


- Log -
commit 4ed858ce02d41753b78629e0b908660593f082b6
Author: Kurt Roeckx 
Date:   Wed Oct 20 09:40:16 2021 +0200

Fix table summary title

Reviewed-by: Tim Hudson 
GH: #268

commit 825e40e042c3eb67f7c8f865cff7f21a669f989b
Author: Kurt Roeckx 
Date:   Wed Oct 20 09:50:47 2021 +0200

Remove duplicate

Reviewed-by: Tim Hudson 
GH: #268

---

Summary of changes:
 policies/platformpolicy.html | 11 +--
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html
index abf1ac7..be1b00f 100644
--- a/policies/platformpolicy.html
+++ b/policies/platformpolicy.html
@@ -208,7 +208,7 @@
   
 The current unadopted platforms are:
 
-
+
   
 Target
 
@@ -902,15 +902,6 @@
 
 gcc
   
-  
-mingw64
-
-Windows 10?
-
-x86_64
-
-gcc
-  
   
 UEFI-x86
 


[web] master update

2021-10-20 Thread Kurt Roeckx
The branch master has been updated
   via  4d8357b7e6fb544f0a618e65d98a9206a2df05f6 (commit)
   via  1628f0f455848c12f365c9bac03bfc30b50e2d86 (commit)
   via  f50ade47ca53ad5c6757bb4afe5dfa51cf261475 (commit)
  from  03e84f49907d92dda63a9360090781fc8ed96910 (commit)


- Log -
commit 4d8357b7e6fb544f0a618e65d98a9206a2df05f6
Author: Kurt Roeckx 
Date:   Wed Oct 20 09:31:44 2021 +0200

Update info about FreeBSD and VMS

commit 1628f0f455848c12f365c9bac03bfc30b50e2d86
Author: Kurt Roeckx 
Date:   Wed Oct 20 09:11:50 2021 +0200

Fix spelling error

commit f50ade47ca53ad5c6757bb4afe5dfa51cf261475
Author: Kurt Roeckx 
Date:   Wed Oct 20 09:10:20 2021 +0200

Add platforms for which we have a configuration

---

Summary of changes:
 policies/platformpolicy.html | 1321 +-
 1 file changed, 1316 insertions(+), 5 deletions(-)

diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html
index cdf2db4..abf1ac7 100644
--- a/policies/platformpolicy.html
+++ b/policies/platformpolicy.html
@@ -59,7 +59,7 @@
   stable version or master) on a community platform breaks, 
then
   an attempt should be made to contact the community maintainer
   to request a fix. In the event that a community platform is
-  broken in CI for a protacted period then it may be dropped
+  broken in CI for a protracted period then it may be dropped
   from CI.
 
   If defects are raised that are specific to a community
@@ -109,7 +109,7 @@
 
 x86_64
 
-??
+Clang 11
   
   
 VC-WIN64A
@@ -193,11 +193,11 @@
 Nominated Community Member(s)
   
   
-??
+vms-ia64?
 
-OpenVMS 9.1
+OpenVMS 8.4
 
-Itanium
+ia64
 
 ??
 
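Review bot: the OpenVMS row is still published with placeholders: the new target name `vms-ia64?` keeps a trailing question mark, and the `??` cell that follows (the nominated community member) is left unresolved while the `??` above it is replaced. Either confirm the Configure target name and the nominated member before merging, or mark the row explicitly as unconfirmed instead of shipping `?` characters in the policy table.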
@@ -205,6 +205,1317 @@
   
 
   
+  
+The current unadopted platforms are:
+
+
+  
+Target
+
+O/S
+
+Architecture
+
+Toolchain
+  
+  
+vos-gcc
+
+VOS
+
+??
+
+gcc
+  
+  
+solaris-x86-gcc
+
+Solaris
+
+x86
+
+gcc
+  
+  
+solaris64-x86_64-gcc
+
+Solaris
+
+x86_64
+
+gcc
+  
+  
+solaris64-x86_64-cc
+
+Solaris
+
+x86_64
+
+Sun C
+  
+  
+solaris-sparcv7-gcc
+
+Solaris
+
+Sparc V7
+
+gcc
+  
+  
+solaris-sparcv8-gcc
+
+Solaris
+
+Sparc V8
+
+gcc
+  
+  
+solaris-sparcv9-gcc
+
+Solaris
+
+Sparc V9 32 bit
+
+gcc
+  
+  
+solaris64-sparcv9-gcc
+
+Solaris
+
+Sparc V9 64 bit
+
+gcc
+  
+  
+solaris-sparcv7-cc
+
+Solaris
+
+Sparc V7
+
+Sun C
+  
+  
+solaris-sparcv8-cc
+
+Solaris
+
+Sparc V8
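Review bot: the `vos-gcc` row gives `??` for Architecture while every other row in the added table names a concrete architecture (x86, x86_64, Sparc V7/V8/V9); fill it in or state "unknown" explicitly so the table does not carry an editing placeholder. As rendered in this mail the markup has been stripped, so only the cell text is visible; worth checking in the committed HTML that the new table's header (`Target`, `O/S`, `Architecture`, `Toolchain`) deliberately omits the `Nominated Community Member(s)` column used by the adopted-platform table, which is consistent with these platforms having no maintainer but should be stated in the surrounding text.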

[web] master update

2021-01-15 Thread Kurt Roeckx
The branch master has been updated
   via  8bbe05eafe1a554259e527f9ba3dd18e4b2e3a9a (commit)
  from  89d554f676bdacf8497b41c8f2eae3b395bb2ff9 (commit)


- Log -
commit 8bbe05eafe1a554259e527f9ba3dd18e4b2e3a9a
Author: Kurt Roeckx 
Date:   Fri Jan 15 18:49:59 2021 +0100

Update expiration date

---

Summary of changes:
 news/openssl-security.asc | 80 +++
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 2b32a4b..8e6c0cc 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc

[openssl] master update

2020-10-14 Thread Kurt Roeckx
The branch master has been updated
   via  47690cd4ceb3a1cfdf097d575cb0d3cf9c6dac13 (commit)
  from  8e596a93bc266259f1ef0d56601e58bbfe18317a (commit)


- Log -
commit 47690cd4ceb3a1cfdf097d575cb0d3cf9c6dac13
Author: Kurt Roeckx 
Date:   Sat Jul 11 17:17:09 2020 +0200

Use __BYTE_ORDER__ to test the endianness when available

Reviewed-by: Paul Dale 
GH: #13085

---

Summary of changes:
 include/internal/endian.h | 34 +++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/include/internal/endian.h b/include/internal/endian.h
index f581c14b24..b4e486da3a 100644
--- a/include/internal/endian.h
+++ b/include/internal/endian.h
@@ -10,13 +10,41 @@
 #ifndef OSSL_INTERNAL_ENDIAN_H
 # define OSSL_INTERNAL_ENDIAN_H
 
-# define DECLARE_IS_ENDIAN \
+/*
+ * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes
+ * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare
+ * a variable.
+ *
+ * L_ENDIAN and B_ENDIAN can be used at preprocessor time. They can be set
+ * in the configarion using the lib_cppflags variable. If neither is
+ * set, it will fall back to code works with either endianness.
+ */
+
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)
+#  define DECLARE_IS_ENDIAN const int ossl_is_little_endian = __BYTE_ORDER__ 
== __ORDER_LITTLE_ENDIAN__
+#  define IS_LITTLE_ENDIAN (ossl_is_little_endian)
+#  define IS_BIG_ENDIAN (!ossl_is_little_endian)
+#  if defined(L_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
+#   error "L_ENDIAN defined on a big endian machine"
+#  endif
+#  if defined(B_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
+#   error "B_ENDIAN defined on a little endian machine"
+#  endif
+#  if !defined(L_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
+#   define L_ENDIAN
+#  endif
+#  if !defined(B_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
+#   define B_ENDIAN
+#  endif
+# else
+#  define DECLARE_IS_ENDIAN \
 const union { \
 long one; \
 char little; \
 } ossl_is_endian = { 1 }
 
-# define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0)
-# define IS_BIG_ENDIAN(ossl_is_endian.little == 0)
+#  define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0)
+#  define IS_BIG_ENDIAN(ossl_is_endian.little == 0)
+# endif
 
 #endif
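Review bot: the new `__BYTE_ORDER__` branch treats every non-little value as big endian: `IS_BIG_ENDIAN` is `(!ossl_is_little_endian)` and `B_ENDIAN` is auto-defined on `__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__`, which also matches `__ORDER_PDP_ENDIAN__` (GCC and Clang define that macro alongside the other two). Comparing against `__ORDER_BIG_ENDIAN__` explicitly and emitting `#error` for any other value keeps the macros honest on an unusual target. Smaller points: the comment block has typos (`endiannes`, `configarion`, and "fall back to code works with" should read "code that works with"); the `DECLARE_IS_ENDIAN` definition is split across two lines in this mail (`... = __BYTE_ORDER__` / `== __ORDER_LITTLE_ENDIAN__`), so confirm it is one line in the committed header; and `IS_BIG_ENDIAN(ossl_is_endian.little == 0)` in the fallback branch renders with no space before the parenthesis on both the old and new lines, which, if real rather than whitespace lost in transit, would declare a function-like macro with an invalid parameter list.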


[openssl] OpenSSL_1_1_1-stable update

2020-09-21 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  256989ce442c19151ae2b79b8d137c364e8479f2 (commit)
  from  56e8fe0b4efbf582e40ae91319727c9d176c5e1e (commit)


- Log -
commit 256989ce442c19151ae2b79b8d137c364e8479f2
Author: olszomal 
Date:   Fri Jun 19 15:00:32 2020 +0200

Add const to 'ppin' function parameter

CLA: trivial

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
GH: #12205
(cherry picked from commit 434343f896a2bb3e5857cc9831c38f8cd1cceec1)

---

Summary of changes:
 doc/man3/d2i_DHparams.pod | 2 +-
 doc/man3/d2i_X509.pod | 8 +---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/doc/man3/d2i_DHparams.pod b/doc/man3/d2i_DHparams.pod
index d4e34fe877..befcafa8a1 100644
--- a/doc/man3/d2i_DHparams.pod
+++ b/doc/man3/d2i_DHparams.pod
@@ -8,7 +8,7 @@ d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
 
  #include 
 
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
  int i2d_DHparams(DH *a, unsigned char **pp);
 
 =head1 DESCRIPTION
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 245df0c8d9..e42049d2ba 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -365,7 +365,7 @@ i2d_X509_VAL,
 
 =for comment generic
 
- TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+ TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length);
  TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
  TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
 
@@ -529,7 +529,8 @@ Allocate and encode the DER encoding of an X509 structure:
 Attempt to decode a buffer:
 
  X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
  int len;
 
  /* Set up buf and len to point to the input buffer. */
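Review bot: the split into `unsigned char *buf;` and `const unsigned char *p;` is required rather than cosmetic: in `unsigned char *buf, *p;` a `const` qualifier would apply to both declarators, and `p` has to become `const unsigned char *` to match the `const unsigned char **ppin` prototype changed earlier in this patch while `buf` must stay writable for the data loaded into it. A one-line remark next to the example explaining why the two pointers differ would spare readers the question, since the doc now shows the same split twice without comment.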
@@ -541,7 +542,8 @@ Attempt to decode a buffer:
 Alternative technique:
 
  X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
  int len;
 
  /* Set up buf and len to point to the input buffer. */


[openssl] master update

2020-09-21 Thread Kurt Roeckx
The branch master has been updated
   via  434343f896a2bb3e5857cc9831c38f8cd1cceec1 (commit)
  from  6600baa9bb6e59be91692791a6251c172a099a65 (commit)


- Log -
commit 434343f896a2bb3e5857cc9831c38f8cd1cceec1
Author: olszomal 
Date:   Fri Jun 19 15:00:32 2020 +0200

Add const to 'ppin' function parameter

CLA: trivial

Reviewed-by: Kurt Roeckx 
Reviewed-by: Matt Caswell 
GH: #12205

---

Summary of changes:
 doc/man3/d2i_DHparams.pod | 2 +-
 doc/man3/d2i_X509.pod | 8 +---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/doc/man3/d2i_DHparams.pod b/doc/man3/d2i_DHparams.pod
index c554099816..83c3fd9c4b 100644
--- a/doc/man3/d2i_DHparams.pod
+++ b/doc/man3/d2i_DHparams.pod
@@ -8,7 +8,7 @@ d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
 
  #include 
 
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
  int i2d_DHparams(DH *a, unsigned char **pp);
 
 =head1 DESCRIPTION
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 971339bba0..a46977bc93 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -397,7 +397,7 @@ i2d_X509_VAL,
 
 =for openssl generic
 
- TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+ TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length);
  TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
  TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
 
@@ -564,7 +564,8 @@ Allocate and encode the DER encoding of an X509 structure:
 Attempt to decode a buffer:
 
  X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
  int len;
 
  /* Set up buf and len to point to the input buffer. */
@@ -576,7 +577,8 @@ Attempt to decode a buffer:
 Alternative technique:
 
  X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
  int len;
 
  /* Set up buf and len to point to the input buffer. */


[openssl] OpenSSL_1_1_1-stable update

2020-09-20 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  ee617d0e020d6dd28c079fa7819d009790f2d2b9 (commit)
  from  8380f453ec81d9172b94a82c3592f78f1a612046 (commit)


- Log -
commit ee617d0e020d6dd28c079fa7819d009790f2d2b9
Author: Henry N <12493969+henr...@users.noreply.github.com>
Date:   Thu Sep 10 23:55:28 2020 +0200

Fix: ecp_nistz256-armv4.S bad arguments

Fix this error:

crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- 
`orr r11,r10'
crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- 
`orr r11,r12'
crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- 
`orrs r11,r14'

CLA: trivial

Fixes #12848

Reviewed-by: Tomas Mraz 
Reviewed-by: Kurt Roeckx 
GH: #12854
(cherry picked from commit b5f82567afa820bac55b7dd7eb9dd510c32c3ef6)

---

Summary of changes:
 crypto/ec/asm/ecp_nistz256-armv4.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl 
b/crypto/ec/asm/ecp_nistz256-armv4.pl
index ea538c0698..fa833ce6aa 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -1517,9 +1517,9 @@ ecp_nistz256_point_add:
ldr $t2,[sp,#32*18+12]  @ ~is_equal(S1,S2)
mvn $t0,$t0 @ -1/0 -> 0/-1
mvn $t1,$t1 @ -1/0 -> 0/-1
-   orr $a0,$t0
-   orr $a0,$t1
-   orrs$a0,$t2 @ set flags
+   orr $a0,$a0,$t0
+   orr $a0,$a0,$t1
+   orrs$a0,$a0,$t2 @ set flags
 
@ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
bne .Ladd_proceed
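Review bot: the two-operand `orr $a0,$t0` is only an assembler shorthand for `orr $a0,$a0,$t0`, so spelling out the destination register changes nothing in the generated code while satisfying assemblers that reject the short form (the errors quoted in the commit message come from the generated `.S`, where these three lines appear as `orr r11,r10` and friends). `orrs` still sets the flags consumed by the `bne .Ladd_proceed` that follows, so the is_equal/infinity test in point addition is unchanged; the fix is correct and minimal.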


[openssl] master update

2020-09-20 Thread Kurt Roeckx
The branch master has been updated
   via  b5f82567afa820bac55b7dd7eb9dd510c32c3ef6 (commit)
   via  08e9684c53deab7d815be47bfdf0f324a0d10ad9 (commit)
  from  28a5f5b39c54751c825c05677e23406eda37d16b (commit)


- Log -
commit b5f82567afa820bac55b7dd7eb9dd510c32c3ef6
Author: Henry N <12493969+henr...@users.noreply.github.com>
Date:   Thu Sep 10 23:55:28 2020 +0200

Fix: ecp_nistz256-armv4.S bad arguments

Fix this error:

crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- 
`orr r11,r10'
crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- 
`orr r11,r12'
crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- 
`orrs r11,r14'

CLA: trivial

Fixes #12848

Reviewed-by: Tomas Mraz 
Reviewed-by: Kurt Roeckx 
GH: #12854

commit 08e9684c53deab7d815be47bfdf0f324a0d10ad9
Author: David Benjamin 
Date:   Fri Sep 18 15:21:43 2020 -0400

Deprecate ASN1_STRING_length_set in OpenSSL 3.0.

Fixes #12885

Reviewed-by: Kurt Roeckx 
GH: #12922

---

Summary of changes:
 crypto/asn1/asn1_lib.c  | 2 ++
 crypto/ec/asm/ecp_nistz256-armv4.pl | 6 +++---
 include/openssl/asn1.h.in   | 2 +-
 util/libcrypto.num  | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 1331f608f4..d6160ac979 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -387,10 +387,12 @@ int ASN1_STRING_length(const ASN1_STRING *x)
 return x->length;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 void ASN1_STRING_length_set(ASN1_STRING *x, int len)
 {
 x->length = len;
 }
+#endif
 
 int ASN1_STRING_type(const ASN1_STRING *x)
 {
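Review bot: the deprecation ships without documentation: the summary of changes touches only `asn1_lib.c`, `asn1.h.in`, `libcrypto.num` and the armv4 fix, so there is no CHANGES.md entry and no manual-page update telling users what to call instead (`ASN1_STRING_set()` and `ASN1_STRING_set0()` are declared right beside it in the header hunk). The deprecation itself is well founded: the function assigns `x->length = len` without touching `x->data`, so a caller can make the length disagree with the buffer actually allocated, which is exactly the inconsistency the setters avoid.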
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl 
b/crypto/ec/asm/ecp_nistz256-armv4.pl
index 32fd9087e0..0adad26cb1 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -1521,9 +1521,9 @@ ecp_nistz256_point_add:
ldr $t2,[sp,#32*18+12]  @ ~is_equal(S1,S2)
mvn $t0,$t0 @ -1/0 -> 0/-1
mvn $t1,$t1 @ -1/0 -> 0/-1
-   orr $a0,$t0
-   orr $a0,$t1
-   orrs$a0,$t2 @ set flags
+   orr $a0,$a0,$t0
+   orr $a0,$a0,$t1
+   orrs$a0,$a0,$t2 @ set flags
 
@ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
bne .Ladd_proceed
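Review bot: the three-operand form is the explicit spelling of the two-operand shorthand, so the assembled instructions are identical where the short form was accepted and the change only removes the assembler error; `orrs` still sets the flags for the following `bne .Ladd_proceed`, leaving the point-addition control flow untouched.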
diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in
index c4d6f068ae..dfb1c9cae5 100644
--- a/include/openssl/asn1.h.in
+++ b/include/openssl/asn1.h.in
@@ -539,7 +539,7 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING 
*b);
 int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 int ASN1_STRING_length(const ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+DEPRECATEDIN_3_0(void ASN1_STRING_length_set(ASN1_STRING *x, int n))
 int ASN1_STRING_type(const ASN1_STRING *x);
 DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
 const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0be0ada89d..96fd637ba0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1813,7 +1813,7 @@ BIO_next1855  3_0_0   
EXIST::FUNCTION:
 ASN1_STRING_set_default_mask_asc1856   3_0_0   EXIST::FUNCTION:
 X509_CRL_new1857   3_0_0   EXIST::FUNCTION:
 i2b_PrivateKey_bio  1858   3_0_0   EXIST::FUNCTION:DSA
-ASN1_STRING_length_set  1859   3_0_0   EXIST::FUNCTION:
+ASN1_STRING_length_set  1859   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0
 PEM_write_PKCS8 1860   3_0_0   EXIST::FUNCTION:STDIO
 PKCS7_digest_from_attributes1861   3_0_0   EXIST::FUNCTION:
 EC_GROUP_set_curve_GFp  1862   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0,EC


[openssl] master update

2020-09-09 Thread Kurt Roeckx
The branch master has been updated
   via  10203a34725ec75136b03d64fd2126b321419ac1 (commit)
  from  8ae40cf57d2138af92a3479e23f35037ae8c5c30 (commit)


- Log -
commit 10203a34725ec75136b03d64fd2126b321419ac1
Author: Kurt Roeckx 
Date:   Sat Apr 13 15:52:47 2019 +0200

Support writing RSA keys using the traditional format again

Fixes: #6855

Reviewed-by: Richard Levitte 
GH: #8743

---

Summary of changes:
 CHANGES.md |  4 ++--
 apps/genrsa.c  | 20 +++-
 apps/rsa.c | 17 ++---
 doc/man1/openssl-genrsa.pod.in |  5 +
 doc/man1/openssl-rsa.pod.in| 12 +---
 doc/man1/openssl.pod   |  2 +-
 test/testrsa.pem   | 19 ++-
 7 files changed, 52 insertions(+), 27 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index c2bbf0d167..0f6880d716 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -353,8 +353,8 @@ OpenSSL 3.0
*Paul Dale*
 
  * The command line utilities genrsa and rsa have been modified to use PKEY
-   APIs  These commands are now in maintenance mode and no new features will
-   be added to them.
+   APIs. They now write PKCS#8 keys by default. These commands are now in
+   maintenance mode and no new features will be added to them.
 
*Paul Dale*
 
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 4f589e98c1..04315a559b 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -38,7 +38,7 @@ typedef enum OPTION_choice {
 #endif
 OPT_F4, OPT_ENGINE,
 OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
-OPT_R_ENUM, OPT_PROV_ENUM
+OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;
 
 const OPTIONS genrsa_options[] = {
@@ -62,6 +62,8 @@ const OPTIONS genrsa_options[] = {
 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
 {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
 {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+{"traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private keys"},
 {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
 
 OPT_R_OPTIONS,
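Review bot: the help text `Use traditional format for private keys` (the same string is added to `rsa.c` in this patch) does not say which format that is. Naming it, for example "Use PKCS#1 RSAPrivateKey (traditional) format instead of PKCS#8", and saying the same in `openssl-genrsa.pod.in` from the summary of changes, lets users see what they are choosing between.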
@@ -88,7 +90,7 @@ int genrsa_main(int argc, char **argv)
 char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
 char *prog, *hexe, *dece;
 OPTION_CHOICE o;
-unsigned char *ebuf = NULL;
+int traditional = 0;
 
 if (bn == NULL || cb == NULL)
 goto end;
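Review bot: swapping `unsigned char *ebuf = NULL;` for `int traditional = 0;` here, together with dropping `OPENSSL_free(ebuf);` in the last hunk, removes an unused buffer that has nothing to do with the new option; harmless, but that cleanup would be easier to audit as its own commit.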
@@ -141,6 +143,9 @@ opthelp:
 case OPT_VERBOSE:
 verbose = 1;
 break;
+case OPT_TRADITIONAL:
+traditional = 1;
+break;
 }
 }
 argc = opt_num_rest();
@@ -214,8 +219,14 @@ opthelp:
 OPENSSL_free(hexe);
 OPENSSL_free(dece);
 }
-if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
-goto end;
+if (traditional) {
+if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
+  NULL, passout))
+goto end;
+} else {
+if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout))
+goto end;
+}
 
 ret = 0;
  end:
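Review bot: when `enc` is non-NULL, `PEM_write_bio_PrivateKey_traditional` writes a legacy PEM file (`Proc-Type`/`DEK-Info` headers) whose passphrase is turned into a key with the old `EVP_BytesToKey` MD5 derivation at a single iteration, whereas the default `PEM_write_bio_PrivateKey` path writes PKCS#8 with PBES2/PBKDF2. The `-traditional` documentation added in this patch should state that combining it with a cipher produces a weaker encrypted key, so that users picking the format for compatibility know what they give up.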
@@ -226,7 +237,6 @@ opthelp:
 BIO_free_all(out);
 release_engine(eng);
 OPENSSL_free(passout);
-OPENSSL_free(ebuf);
 if (ret != 0)
 ERR_print_errors(bio_err);
 return ret;
diff --git a/apps/rsa.c b/apps/rsa.c
index 0464729f71..fdee96d570 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -31,7 +31,7 @@ typedef enum OPTION_choice {
 /* Do not change the order here; see case statements below */
 OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
 OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
-OPT_PROV_ENUM
+OPT_PROV_ENUM, OPT_TRADITIONAL
 } OPTION_CHOICE;
 
 const OPTIONS rsa_options[] = {
@@ -59,6 +59,8 @@ const OPTIONS rsa_options[] = {
 {"noout", OPT_NOOUT, '-', "Don't print key out"},
 {"text", OPT_TEXT, '-', "Print the key in text"},
 {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+{"traditional", OPT_TRADITIONAL, '-',
+ "Use traditional format for private keys"},
 
 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
 OPT_SECTION("PVK"),
@@ -88,6 +90,7 @@ int rsa_main(int argc, char **argv)
 int pvk_encr = 2;
 #endif
 OPTION_CHOICE o;
+int traditional = 0;
 
 prog = opt_init(argc, argv, rsa_options);
 while ((o = opt_next()) != OPT_EOF) {
@@ -163,6 +166,9 @@ int rsa_main(int argc, char **argv)
 if (!opt_provider(o))
 goto end;
 break;
+case OPT_TRADITIONAL:
+

[openssl] OpenSSL_1_1_1-stable update

2020-06-13 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  ac4f465406ced9601cb8c9cb800ad9a37e61b6da (commit)
  from  4b7097025305b219694dd8b04f84155cd12fb71d (commit)


- Log -
commit ac4f465406ced9601cb8c9cb800ad9a37e61b6da
Author: Sebastian Andrzej Siewior 
Date:   Sat Apr 25 23:57:00 2020 +0200

doc: Random spellchecking

A little spell checking.

Backport of commit
  af0d413654d19 ("doc: Random spellchecking")

Signed-off-by: Sebastian Andrzej Siewior 
Reviewed-by: Kurt Roeckx 
Reviewed-by: Paul Dale 
GH: #12075

---

Summary of changes:
 doc/man1/s_client.pod   | 2 +-
 doc/man1/s_time.pod | 2 +-
 doc/man3/SSL_CTX_set_tlsext_servername_callback.pod | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 68a152a272..86cc295691 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -788,7 +788,7 @@ for an appropriate page.
 
 If a certificate is specified on the command line using the B<-cert>
 option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
+a client certificate. Therefore merely including a client certificate
 on the command line is no guarantee that the certificate works.
 
 If there are problems verifying a server certificate then the
diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod
index e1a3bef41c..04cae196a5 100644
--- a/doc/man1/s_time.pod
+++ b/doc/man1/s_time.pod
@@ -184,7 +184,7 @@ send an HTTP request for an appropriate page.
 
 If a certificate is specified on the command line using the B<-cert>
 option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
+a client certificate. Therefore merely including a client certificate
 on the command line is no guarantee that the certificate works.
 
 =head1 BUGS
diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod 
b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
index e971035734..160a7343c3 100644
--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -88,7 +88,7 @@ Otherwise it returns NULL.
 =item On the client, during or after the handshake and a TLSv1.2 (or below)
 resumption occurred
 
-If the session from the orignal handshake had a servername accepted by the
+If the session from the original handshake had a servername accepted by the
 server then it will return that servername.
 
 Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL
@@ -157,12 +157,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e.
 
 Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2
 handshake, the server accepted it, and then the client successfully resumed but
-set a different explict servername in the second handshake then when called by
+set a different explicit servername in the second handshake then when called by
 the client it returned the servername from the second handshake. This has now
 been changed to return the servername requested in the original handshake.
 
 Also prior to 1.1.1e, if the client sent a servername in the first handshake 
but
-the server did not accept it, and then a second handshake occured where TLSv1.2
+the server did not accept it, and then a second handshake occurred where 
TLSv1.2
 resumption was successful then when called by the server it returned the
 servername requested in the original handshake. This has now been changed to
 NULL.


[openssl] master update

2020-06-04 Thread Kurt Roeckx
The branch master has been updated
   via  6985b0e3deaee2f6e83a670ce7b33cf9ee47933a (commit)
  from  00da0f69890874feaa555fafb99b967b861e9118 (commit)


- Log -
commit 6985b0e3deaee2f6e83a670ce7b33cf9ee47933a
Author: Kurt Roeckx 
Date:   Wed Jun 3 22:01:31 2020 +0200

Add github sponsor button

Reviewed-by: Richard Levitte 
GH: #12035

---

Summary of changes:
 .github/FUNDING.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .github/FUNDING.yml

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 00..15a862457e
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: openssl


[openssl] OpenSSL_1_1_1-stable update

2020-02-16 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  57225c99ef848f0d0d1a7ab586a61ef71740f1ff (commit)
   via  42fc47964727fb2b12024eaf390c28fcb3caf561 (commit)
  from  525e2288fafd76e416b4a6dad6d95d8b598f8152 (commit)


- Log -
commit 57225c99ef848f0d0d1a7ab586a61ef71740f1ff
Author: Kurt Roeckx 
Date:   Sun Feb 9 19:28:15 2020 +0100

Check that ed25519 and ed448 are allowed by the security level

Signature algorithms not using an MD weren't checked that they're
allowed by the security level.

Reviewed-by: Tomáš Mráz 
GH: #11062

commit 42fc47964727fb2b12024eaf390c28fcb3caf561
Author: Kurt Roeckx 
Date:   Thu Jan 2 23:16:30 2020 +0100

Generate new Ed448 certificates

Create a whole chain of Ed448 certificates so that we can use it at security
level 4 (192 bit). We had a 2048 bit RSA (112 bit, level 2) root sign the
Ed448 certificate using SHA256 (128 bit, level 3).

Reviewed-by: Matt Caswell 
GH: #10785
(cherry picked from commit 77c4d3972400adf1bcb76ceea359f5453cc3e8e4)

---

Summary of changes:
 ssl/t1_lib.c  |  59 --
 test/certs/root-ed448-cert.pem|  10 
 test/certs/root-ed448-key.pem |   4 ++
 test/certs/server-ed448-cert.pem  |  21 +++
 test/certs/setup.sh   |   5 ++
 test/ssl-tests/20-cert-select.conf|   8 +--
 test/ssl-tests/20-cert-select.conf.in |   5 +-
 test/ssl-tests/28-seclevel.conf   | 110 --
 test/ssl-tests/28-seclevel.conf.in|  33 --
 9 files changed, 185 insertions(+), 70 deletions(-)
 create mode 100644 test/certs/root-ed448-cert.pem
 create mode 100644 test/certs/root-ed448-key.pem

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d7ce6541d3..445ed7fc59 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -991,6 +991,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
 }
 #endif
 
+/*
+ * Return the number of security bits for the signature algorithm, or 0 on
+ * error.
+ */
+static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
+{
+const EVP_MD *md = NULL;
+int secbits = 0;
+
+if (!tls1_lookup_md(lu, ))
+return 0;
+if (md != NULL)
+{
+/* Security bits: half digest bits */
+secbits = EVP_MD_size(md) * 4;
+} else {
+/* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
+if (lu->sigalg == TLSEXT_SIGALG_ed25519)
+secbits = 128;
+else if (lu->sigalg == TLSEXT_SIGALG_ed448)
+secbits = 224;
+}
+return secbits;
+}
+
 /*
  * Check signature algorithm is consistent with sent supported signature
  * algorithms and if so set relevant digest and signature scheme in
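Review bot: as rendered here the lookup reads `tls1_lookup_md(lu, ))`, with the output argument missing; the address of `md` was most likely stripped as markup by the mail rendering, but confirm the committed source passes `&md`, since the function cannot compile otherwise. The logic fails closed in the right direction: a digest-less sigalg that is neither `TLSEXT_SIGALG_ed25519` nor `TLSEXT_SIGALG_ed448` returns 0, which the caller turns into a handshake failure instead of silently accepting it, and the 128/224 values match RFC 8032 section 8.5. Style nit: `if (md != NULL)` puts its opening brace on the next line while the matching `} else {` uses the project's same-line style.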
@@ -1004,6 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, 
EVP_PKEY *pkey)
 size_t sent_sigslen, i, cidx;
 int pkeyid = EVP_PKEY_id(pkey);
 const SIGALG_LOOKUP *lu;
+int secbits = 0;
 
 /* Should never happen */
 if (pkeyid == -1)
@@ -1105,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, 
EVP_PKEY *pkey)
  SSL_R_UNKNOWN_DIGEST);
 return 0;
 }
-if (md != NULL) {
-/*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
-sigalgstr[0] = (sig >> 8) & 0xff;
-sigalgstr[1] = sig & 0xff;
-if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
-EVP_MD_size(md) * 4, EVP_MD_type(md),
-(void *)sigalgstr)) {
-SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, 
SSL_F_TLS12_CHECK_PEER_SIGALG,
- SSL_R_WRONG_SIGNATURE_TYPE);
-return 0;
-}
+/*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+sigalgstr[0] = (sig >> 8) & 0xff;
+sigalgstr[1] = sig & 0xff;
+secbits = sigalg_security_bits(lu);
+if (secbits == 0 ||
+!ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+  md != NULL ? EVP_MD_type(md) : NID_undef,
+  (void *)sigalgstr)) {
+SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+ SSL_R_WRONG_SIGNATURE_TYPE);
+return 0;
 }
 /* Store the sigalg the peer uses */
 s->s3->tmp.peer_sigalg = lu;
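Review bot: this hunk is the actual fix: the old code ran the security callback only inside `if (md != NULL)`, so Ed25519 and Ed448 peer signatures were never checked against the configured security level. Note that the callback now receives `NID_undef` as the digest nid for those algorithms; a custom callback installed with `SSL_CTX_set_security_callback()` that switches on or looks up the nid must tolerate `NID_undef`, and that deserves a line in the `SSL_CTX_set_security_level` documentation, which the summary of changes shows is not touched.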
@@ -1625,11 +1651,8 @@ static int tls12_sigalg_allowed(const SSL *s, int op, 
const SIGALG_LOOKUP *lu)
 }
 }
 
-if (lu->hash == NID_undef)
-return 1;
-/* Security bits: half digest bits */
-secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4;
 /* Finally see if security callback allows it */
+secbits = sigalg_security_

[openssl] master update

2020-02-11 Thread Kurt Roeckx
The branch master has been updated
   via  620c97b671a9c7bc31ca36a24b2242aa1aa80022 (commit)
   via  77c4d3972400adf1bcb76ceea359f5453cc3e8e4 (commit)
  from  d819760d3da5dd5491c94a2d6b36553708c9338b (commit)


- Log -
commit 620c97b671a9c7bc31ca36a24b2242aa1aa80022
Author: Kurt Roeckx 
Date:   Sun Feb 9 19:28:15 2020 +0100

Check that ed25519 and ed448 are allowed by the security level

Signature algorithms not using an MD weren't checked that they're
allowed by the security level.

Reviewed-by: Matt Caswell 
GH: #10785

commit 77c4d3972400adf1bcb76ceea359f5453cc3e8e4
Author: Kurt Roeckx 
Date:   Thu Jan 2 23:16:30 2020 +0100

Generate new Ed448 certificates

Create a whole chain of Ed448 certificates so that we can use it at security
level 4 (192 bit). We had a 2048 bit RSA (112 bit, level 2) root sign the
Ed448 certificate using SHA256 (128 bit, level 3).

Reviewed-by: Matt Caswell 
GH: #10785

---

Summary of changes:
 ssl/t1_lib.c  |  59 --
 test/certs/root-ed448-cert.pem|  10 
 test/certs/root-ed448-key.pem |   4 ++
 test/certs/server-ed448-cert.pem  |  21 +++
 test/certs/setup.sh   |   5 ++
 test/ssl-tests/20-cert-select.conf|   8 +--
 test/ssl-tests/20-cert-select.conf.in |   5 +-
 test/ssl-tests/28-seclevel.conf   | 110 --
 test/ssl-tests/28-seclevel.conf.in|  33 --
 9 files changed, 185 insertions(+), 70 deletions(-)
 create mode 100644 test/certs/root-ed448-cert.pem
 create mode 100644 test/certs/root-ed448-key.pem

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 103a8f18bb..aedb521015 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1075,6 +1075,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
 }
 #endif
 
+/*
+ * Return the number of security bits for the signature algorithm, or 0 on
+ * error.
+ */
+static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
+{
+const EVP_MD *md = NULL;
+int secbits = 0;
+
+if (!tls1_lookup_md(ctx, lu, ))
+return 0;
+if (md != NULL)
+{
+/* Security bits: half digest bits */
+secbits = EVP_MD_size(md) * 4;
+} else {
+/* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
+if (lu->sigalg == TLSEXT_SIGALG_ed25519)
+secbits = 128;
+else if (lu->sigalg == TLSEXT_SIGALG_ed448)
+secbits = 224;
+}
+return secbits;
+}
+
 /*
  * Check signature algorithm is consistent with sent supported signature
  * algorithms and if so set relevant digest and signature scheme in
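Review bot: brace placement in sigalg_security_bits() is inconsistent: `if (md != NULL)` puts its opening brace on the next line while the matching `} else {` keeps it on the same line, and the latter is the OpenSSL style. On substance, the function returns 0 both when tls1_lookup_md() fails and for any MD-less sigalg other than ed25519/ed448, so every caller must treat 0 as "reject"; the header comment says "or 0 on error", and it would be clearer to say 0 also covers "no known security strength". The 128 and 224 values match the security targets RFC 8032 section 8.5 gives for Ed25519 and Ed448.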
@@ -1088,6 +1113,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, 
EVP_PKEY *pkey)
 size_t sent_sigslen, i, cidx;
 int pkeyid = EVP_PKEY_id(pkey);
 const SIGALG_LOOKUP *lu;
+int secbits = 0;
 
 /* Should never happen */
 if (pkeyid == -1)
@@ -1189,20 +1215,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, 
EVP_PKEY *pkey)
  SSL_R_UNKNOWN_DIGEST);
 return 0;
 }
-if (md != NULL) {
-/*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
-sigalgstr[0] = (sig >> 8) & 0xff;
-sigalgstr[1] = sig & 0xff;
-if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
-EVP_MD_size(md) * 4, EVP_MD_type(md),
-(void *)sigalgstr)) {
-SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, 
SSL_F_TLS12_CHECK_PEER_SIGALG,
- SSL_R_WRONG_SIGNATURE_TYPE);
-return 0;
-}
+/*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+sigalgstr[0] = (sig >> 8) & 0xff;
+sigalgstr[1] = sig & 0xff;
+secbits = sigalg_security_bits(s->ctx, lu);
+if (secbits == 0 ||
+!ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+  md != NULL ? EVP_MD_type(md) : NID_undef,
+  (void *)sigalgstr)) {
+SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+ SSL_R_WRONG_SIGNATURE_TYPE);
+return 0;
 }
 /* Store the sigalg the peer uses */
 s->s3.tmp.peer_sigalg = lu;
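Review bot: the callback now receives NID_undef as the nid for Ed25519/Ed448 (`md != NULL ? EVP_MD_type(md) : NID_undef`), where previously these algorithms never reached it at all; an application-supplied security callback that switches on the nid for SSL_SECOP_SIGALG_CHECK must handle NID_undef without treating it as an error, which is worth a sentence in the SSL_CTX_set_security_callback documentation.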
@@ -1726,11 +1752,8 @@ static int tls12_sigalg_allowed(const SSL *s, int op, 
const SIGALG_LOOKUP *lu)
 }
 }
 
-if (lu->hash == NID_undef)
-return 1;
-/* Security bits: half digest bits */
-secbits = EVP_MD_size(ssl_md(s->ctx, lu->hash_idx)) * 4;
 /* Finally see if security callback allows it */
+secbits = sigalg_security_bits(s->ctx, lu);
 sigalgstr[0] = (lu-
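Review bot: same concern as in tls12_check_peer_sigalg(): dropping the `lu->hash == NID_undef` early return is the fix, but the hunk is truncated before `secbits` is used, so make sure a 0 return from sigalg_security_bits(s->ctx, lu) is rejected here as well rather than handed to ssl_security() as 0 bits. The removed `/* Security bits: half digest bits */` comment now lives in sigalg_security_bits(), so nothing explanatory is lost.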

[openssl] OpenSSL_1_1_1-stable update

2020-02-05 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  68436f0a8964e911eb4f864bc8b31d7ca4d29585 (commit)
   via  b98efebeb2d4265bd6638d5947fe365500121e03 (commit)
  from  d2e8cbfb45e8dbd24f7bb394b0141130b4c0eb98 (commit)


- Log -
commit 68436f0a8964e911eb4f864bc8b31d7ca4d29585
Author: Kurt Roeckx 
Date:   Thu Jan 2 23:25:27 2020 +0100

Stop accepting certificates signed using SHA1 at security level 1

Reviewed-by: Viktor Dukhovni 
GH: #10786
(cherry picked from commit b744f915ca8bb37631909728dd2529289bda8438)

commit b98efebeb2d4265bd6638d5947fe365500121e03
Author: Kurt Roeckx 
Date:   Thu Jan 23 00:24:35 2020 +0100

Create a new embeddedSCTs1 that's signed using SHA256

Reviewed-by: Viktor Dukhovni 
GH: #10786
(cherry picked from commit 4d9e8c95544d7a86765e6a46951dbe17b801875a)

---

Summary of changes:
 CHANGES |  12 
 NEWS|   5 ++-
 crypto/rsa/rsa_ameth.c  |  20 +++-
 crypto/x509/x509_set.c  |  14 +
 test/certs/ct-server-key-public.pem |   4 +++
 test/certs/ct-server-key.pem|   5 +++
 test/certs/embeddedSCTs1-key.pem|  38 +++
 test/certs/embeddedSCTs1.pem|  35 ++---
 test/certs/embeddedSCTs1.sct|  12 
 test/certs/embeddedSCTs1.tlssct | Bin 0 -> 118 bytes
 test/certs/embeddedSCTs1_issuer-key.pem |  15 +
 test/certs/embeddedSCTs3.sct|   2 +-
 test/certs/mkcert.sh|  52 
 test/certs/setup.sh |   3 ++
 test/ct_test.c  |   6 +++-
 test/recipes/25-test_verify.t   |   8 ++---
 16 files changed, 187 insertions(+), 44 deletions(-)
 create mode 100644 test/certs/ct-server-key-public.pem
 create mode 100644 test/certs/ct-server-key.pem
 create mode 100644 test/certs/embeddedSCTs1.tlssct
 create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem

diff --git a/CHANGES b/CHANGES
index e4d57bb6b5..34d09c5d3c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.1.1d and 1.1.1e [xx XXX ]
 
+  *) X509 certificates signed using SHA1 are no longer allowed at security
+ level 1 and above.
+ In TLS/SSL the default security level is 1. It can be set either
+ using the cipher string with @SECLEVEL, or calling
+ SSL_CTX_set_security_level(). If the leaf certificate is signed with 
SHA-1,
+ a call to SSL_CTX_use_certificate() will fail if the security level is not
+ lowered first.
+ Outside TLS/SSL, the default security level is -1 (effectively 0). It can
+ be set using X509_VERIFY_PARAM_set_auth_level() or using the -auth_level
+ options of the apps.
+     [Kurt Roeckx]
+
   *) Corrected the documentation of the return values from the EVP_DigestSign*
  set of functions.  The documentation mentioned negative values for some
  errors, but this was never the case, so the mention of negative values
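Review bot: the new entry spells the algorithm both "SHA1" and "SHA-1" within the same paragraph; pick one form. It would also help users to say explicitly that SSL_CTX_use_certificate() fails at the default level, so that an application that was silently serving a SHA1-signed leaf will now fail at startup rather than at handshake time.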
diff --git a/NEWS b/NEWS
index 4af390505d..11840cf05b 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,10 @@
 
   Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development]
 
-  o
+  o X509 certificates signed using SHA1 are no longer allowed at security
+level 1 or higher. The default security level for TLS is 1, so
+certificates signed using SHA1 are by default no longer trusted to
+authenticate servers or clients.
 
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
 
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 6692a51ed8..d45d6b5ba3 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -855,6 +855,7 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const 
X509_ALGOR *sigalg,
 uint32_t flags;
 const EVP_MD *mgf1md = NULL, *md = NULL;
 RSA_PSS_PARAMS *pss;
+int secbits;
 
 /* Sanity check: make sure it is PSS */
 if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
@@ -874,7 +875,24 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const 
X509_ALGOR *sigalg,
 else
 flags = 0;
 /* Note: security bits half number of digest bits */
-X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+secbits = EVP_MD_size(md) * 4;
+/*
+ * SHA1 and MD5 are known to be broken. Reduce security bits so that
+ * they're no longer accepted at security level 1. The real values don't
+ * really matter as long as they're lower than 80, which is our security
+ * level 1.
+ * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at
+ * 2^63.4
+ * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
+ * puts a chosen-prefix 
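Review bot: the comment hard-codes "lower than 80, which is our security level 1" while the actual level-1 threshold is defined elsewhere; if that threshold ever moves, both this comment and the reduced values drift silently. Either reference the constant that defines level 1 or add a cross-reference comment next to it pointing back here.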

[openssl] master update

2020-02-05 Thread Kurt Roeckx
The branch master has been updated
   via  b744f915ca8bb37631909728dd2529289bda8438 (commit)
   via  4d9e8c95544d7a86765e6a46951dbe17b801875a (commit)
  from  d8d4e5fb32b3f7d9af28d21ce4c1c46cc1c7614c (commit)


- Log -
commit b744f915ca8bb37631909728dd2529289bda8438
Author: Kurt Roeckx 
Date:   Thu Jan 2 23:25:27 2020 +0100

Stop accepting certificates signed using SHA1 at security level 1

Reviewed-by: Viktor Dukhovni 
GH: #10786

commit 4d9e8c95544d7a86765e6a46951dbe17b801875a
Author: Kurt Roeckx 
Date:   Thu Jan 23 00:24:35 2020 +0100

Create a new embeddedSCTs1 that's signed using SHA256

Reviewed-by: Viktor Dukhovni 
GH: #10786

---

Summary of changes:
 CHANGES |  12 
 NEWS|   4 +++
 crypto/rsa/rsa_ameth.c  |  20 +++-
 crypto/x509/x509_set.c  |  14 +
 test/certs/ct-server-key-public.pem |   4 +++
 test/certs/ct-server-key.pem|   5 +++
 test/certs/embeddedSCTs1-key.pem|  38 +++
 test/certs/embeddedSCTs1.pem|  35 ++---
 test/certs/embeddedSCTs1.sct|  12 
 test/certs/embeddedSCTs1.tlssct | Bin 0 -> 118 bytes
 test/certs/embeddedSCTs1_issuer-key.pem |  15 +
 test/certs/embeddedSCTs3.sct|   2 +-
 test/certs/mkcert.sh|  52 
 test/certs/setup.sh |   3 ++
 test/ct_test.c  |   6 +++-
 test/recipes/25-test_verify.t   |   8 ++---
 16 files changed, 187 insertions(+), 43 deletions(-)
 create mode 100644 test/certs/ct-server-key-public.pem
 create mode 100644 test/certs/ct-server-key.pem
 create mode 100644 test/certs/embeddedSCTs1.tlssct
 create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem

diff --git a/CHANGES b/CHANGES
index 1750162a10..7b18d51077 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) X509 certificates signed using SHA1 are no longer allowed at security
+ level 1 and above.
+ In TLS/SSL the default security level is 1. It can be set either
+ using the cipher string with @SECLEVEL, or calling
+ SSL_CTX_set_security_level(). If the leaf certificate is signed with 
SHA-1,
+ a call to SSL_CTX_use_certificate() will fail if the security level is not
+ lowered first.
+ Outside TLS/SSL, the default security level is -1 (effectively 0). It can
+ be set using X509_VERIFY_PARAM_set_auth_level() or using the -auth_level
+ options of the apps.
+     [Kurt Roeckx]
+
   *) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
  automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
  This means that applications don't have to look at the curve NID and
diff --git a/NEWS b/NEWS
index de439d6bb1..4d7f0d01c6 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+  o X509 certificates signed using SHA1 are no longer allowed at security
+level 1 or higher. The default security level for TLS is 1, so
+certificates signed using SHA1 are by default no longer trusted to
+authenticate servers or clients.
   o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
 disabled; the project uses address sanitize/leak-detect instead.
   o Added OSSL_SERIALIZER, a generic serializer API.
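Review bot: the NEWS item only says SHA1-signed certificates are "no longer trusted to authenticate servers or clients", but the CHANGES entry in this same commit says SSL_CTX_use_certificate() now fails for a SHA1-signed leaf unless the level is lowered first; that is the change operators will actually hit, so it belongs in NEWS too.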
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 3246f33688..485ac35a6f 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -859,6 +859,7 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const 
X509_ALGOR *sigalg,
 uint32_t flags;
 const EVP_MD *mgf1md = NULL, *md = NULL;
 RSA_PSS_PARAMS *pss;
+int secbits;
 
 /* Sanity check: make sure it is PSS */
 if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
@@ -878,7 +879,24 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const 
X509_ALGOR *sigalg,
 else
 flags = 0;
 /* Note: security bits half number of digest bits */
-X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+secbits = EVP_MD_size(md) * 4;
+/*
+ * SHA1 and MD5 are known to be broken. Reduce security bits so that
+ * they're no longer accepted at security level 1. The real values don't
+ * really matter as long as they're lower than 80, which is our security
+ * level 1.
+ * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at
+ * 2^63.4
+ * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
+ * puts a chosen-prefix attack for MD5 at 2^39.
+ */
+if (mdnid == NID_sha1)
+s
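Review bot: this reduction sits in rsa_sig_info_set(), which the sanity check above restricts to RSA-PSS; the summary lists a 14-line change to crypto/x509/x509_set.c that presumably covers the non-PSS path, but it is not shown here. Make sure both paths assign the same reduced values for SHA1 so that whether a SHA1 signature is rejected at level 1 does not depend on the padding scheme.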

[openssl] OpenSSL_1_1_1-stable update

2020-01-25 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  cc7c6eb8135be665d0acc176a5963e1eaf52e4e2 (commit)
   via  2dbcdb693597a20ae4e84126b02f8f05b70fa831 (commit)
  from  59f92fa27eb41a7513e584b665c87669171f60dd (commit)


- Log -
commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2
Author: Kurt Roeckx 
Date:   Thu Jan 2 22:53:32 2020 +0100

Check that the default signature type is allowed

TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
others. TLS 1.2 sends a list of supported ciphers, but allows not sending
it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.

When we didn't receive a list from the client, we always used the
defaults without checking that they are allowed by the configuration.

Reviewed-by: Paul Dale 
GH: #10784
(cherry picked from commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5)

commit 2dbcdb693597a20ae4e84126b02f8f05b70fa831
Author: Kurt Roeckx 
Date:   Sun Jan 12 16:44:01 2020 +0100

Replace apps/server.pem with a certificate with a sha256 signature.

It replaces apps/server.pem that used a sha1 signature with a copy of
test/certs/servercert.pem that uses sha256.

This caused the dtlstest to start failing. It's testing connections
between a dtls client and server. In particular it was checking that if
we drop a record that the handshake recovers and still completes
successfully. The test iterates a number of times. The first time
through it drops the first record. The second time it drops the second
one, and so on. In order to do this it has a hard-coded value for the
expected number of records it should see in a handshake. That's ok
because we completely control both sides of the handshake and know what
records we expect to see. Small changes in message size would be
tolerated because that is unlikely to have an impact on the number of
records. Larger changes in message size however could increase or
decrease the number of records and hence cause the test to fail.

This particular test uses a mem bio which doesn't have all the CTRLs
that the dgram BIO has. When we are using a dgram BIO we query that BIO
to determine the MTU size. The smaller the MTU the more fragmented
handshakes become. Since the mem BIO doesn't report an MTU we use a
rather small default value and get quite a lot of records in our
handshake. This has the tendency to increase the likelihood of the
number of records changing in the test if the message size changes.

It so happens that the new server certificate is smaller than the old
one. AFAICT this is probably because the DNs for the Subject and Issuer
are significantly shorter than previously. The result is that the number
of records used to transmit the Certificate message is one less than it
was before. This actually has a knock on impact for subsequent messages
and how we fragment them resulting in one less ServerKeyExchange record
too (the actual size of the ServerKeyExchange message hasn't changed,
but where in that message it gets fragmented has). In total the number
of records used in the handshake has decreased by 2 with the new
server.pem file.

Reviewed-by: Paul Dale 
GH: #10784
(cherry picked from commit 5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1)

---

Summary of changes:
 apps/server.pem   | 95 +++
 ssl/ssl_local.h   |  2 +-
 ssl/t1_lib.c  | 16 +--
 test/dtlstest.c   |  2 +-
 test/recipes/70-test_sslsigalgs.t | 57 +++
 5 files changed, 98 insertions(+), 74 deletions(-)

diff --git a/apps/server.pem b/apps/server.pem
index d0fc265f04..b380759199 100644
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,52 +1,47 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test 
Server Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = 
OpenSSL Test Intermediate CA
 -BEGIN CERTIFICATE-

[openssl] master update

2020-01-25 Thread Kurt Roeckx
The branch master has been updated
   via  b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5 (commit)
   via  5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1 (commit)
  from  9420b403b72ecd74f55804f494346c926aa609c9 (commit)


- Log -
commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5
Author: Kurt Roeckx 
Date:   Thu Jan 2 22:53:32 2020 +0100

Check that the default signature type is allowed

TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
others. TLS 1.2 sends a list of supported ciphers, but allows not sending
it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.

When we didn't receive a list from the client, we always used the
defaults without checking that they are allowed by the configuration.

Reviewed-by: Paul Dale 
GH: #10784

commit 5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1
Author: Kurt Roeckx 
Date:   Sun Jan 12 16:44:01 2020 +0100

Replace apps/server.pem with a certificate with a sha256 signature.

It replaces apps/server.pem that used a sha1 signature with a copy of
test/certs/servercert.pem that uses sha256.

This caused the dtlstest to start failing. It's testing connections
between a dtls client and server. In particular it was checking that if
we drop a record that the handshake recovers and still completes
successfully. The test iterates a number of times. The first time
through it drops the first record. The second time it drops the second
one, and so on. In order to do this it has a hard-coded value for the
expected number of records it should see in a handshake. That's ok
because we completely control both sides of the handshake and know what
records we expect to see. Small changes in message size would be
tolerated because that is unlikely to have an impact on the number of
records. Larger changes in message size however could increase or
decrease the number of records and hence cause the test to fail.

This particular test uses a mem bio which doesn't have all the CTRLs
that the dgram BIO has. When we are using a dgram BIO we query that BIO
to determine the MTU size. The smaller the MTU the more fragmented
handshakes become. Since the mem BIO doesn't report an MTU we use a
rather small default value and get quite a lot of records in our
handshake. This has the tendency to increase the likelihood of the
number of records changing in the test if the message size changes.

It so happens that the new server certificate is smaller than the old
one. AFAICT this is probably because the DNs for the Subject and Issuer
are significantly shorter than previously. The result is that the number
of records used to transmit the Certificate message is one less than it
was before. This actually has a knock on impact for subsequent messages
and how we fragment them resulting in one less ServerKeyExchange record
too (the actual size of the ServerKeyExchange message hasn't changed,
but where in that message it gets fragmented has). In total the number
of records used in the handshake has decreased by 2 with the new
server.pem file.

Reviewed-by: Paul Dale 
GH: #10784

---

Summary of changes:
 apps/server.pem   | 95 +++
 ssl/ssl_local.h   |  2 +-
 ssl/t1_lib.c  | 16 +--
 test/dtlstest.c   |  2 +-
 test/recipes/70-test_sslsigalgs.t | 57 +++
 5 files changed, 98 insertions(+), 74 deletions(-)

diff --git a/apps/server.pem b/apps/server.pem
index d0fc265f04..b380759199 100644
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,52 +1,47 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test 
Server Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = 
OpenSSL Test Intermediate CA
 -BEGIN CERTIFICATE-

[web] master update

2019-12-04 Thread Kurt Roeckx
The branch master has been updated
   via  4139e6e2815280bdd6fe1618a793918c1c7156f2 (commit)
  from  f4b6f035624adcd2228c450cb10e74c940aee37f (commit)


- Log -
commit 4139e6e2815280bdd6fe1618a793918c1c7156f2
Author: Kurt Roeckx 
Date:   Wed Dec 4 19:09:01 2019 +0100

Update key's expiration date

---

Summary of changes:
 news/openssl-security.asc | 74 +++
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 9dddc89..2b32a4b 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc

[openssl] master update

2019-11-24 Thread Kurt Roeckx
The branch master has been updated
   via  a7bdd0433c0360fccb4dd9f5c43c6fabc4e8c659 (commit)
  from  e5ecfcc788c8d3e6cbb96bc68b5498be8198f9f5 (commit)


- Log -
commit a7bdd0433c0360fccb4dd9f5c43c6fabc4e8c659
Author: John Baldwin 
Date:   Thu Oct 31 16:51:08 2019 -0700

Support ciphersuites using a SHA2 384 digest in FreeBSD KTLS.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
GH: #10372

---

Summary of changes:
 ssl/t1_enc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 09bfb45884..19045f9649 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -410,6 +410,9 @@ int tls1_change_cipher_state(SSL *s, int which)
 case SSL_SHA256:
 crypto_info.auth_algorithm = CRYPTO_SHA2_256_HMAC;
 break;
+case SSL_SHA384:
+crypto_info.auth_algorithm = CRYPTO_SHA2_384_HMAC;
+break;
 default:
 goto skip_ktls;
 }
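Review bot: the new `case SSL_SHA384:` makes the KTLS build depend on the FreeBSD headers defining CRYPTO_SHA2_384_HMAC; if any FreeBSD release that OpenSSL's KTLS support targets lacks that constant, the case needs an `#ifdef CRYPTO_SHA2_384_HMAC` guard, otherwise state the minimum FreeBSD version in the commit message or the KTLS documentation.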


[openssl] master update

2019-11-09 Thread Kurt Roeckx
The branch master has been updated
   via  fd4a6e7d1e51ad53f70ae75317da36418cae6458 (commit)
  from  db5cf86535b305378308c58c52596994e1ece1e6 (commit)


- Log -
commit fd4a6e7d1e51ad53f70ae75317da36418cae6458
Author: Kurt Roeckx 
Date:   Wed Oct 23 22:10:54 2019 +0200

RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significant byte
of the primes was always >= 0xC0. We now use 256 bits to represent
1/sqrt(2) = 0x0.B504F333F9DE64845...

Reviewed-by: Shane Lontis 
Reviewed-by: Richard Levitte 
GH: #10246

---

Summary of changes:
 crypto/bn/bn_rsa_fips186_4.c | 53 +---
 crypto/rsa/rsa_sp800_56b_check.c | 27 +++-
 include/crypto/bn.h  |  3 +++
 test/rsa_sp800_56b_test.c|  2 ++
 4 files changed, 64 insertions(+), 21 deletions(-)

diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index c31b43ba8f..492eb297c3 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -31,6 +31,27 @@
 #include 
 #include "bn_local.h"
 #include "crypto/bn.h"
+#include "internal/nelem.h"
+
+#if BN_BITS2 == 64
+# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo
+#else
+# define BN_DEF(lo, hi) lo, hi
+#endif
+
+/* 1 / sqrt(2) * 2^256, rounded up */
+static const BN_ULONG inv_sqrt_2_val[] = {
+BN_DEF(0x83339916UL, 0xED17AC85UL), BN_DEF(0x893BA84CUL, 0x1D6F60BAUL),
+BN_DEF(0x754ABE9FUL, 0x597D89B3UL), BN_DEF(0xF9DE6484UL, 0xB504F333UL)
+};
+
+const BIGNUM bn_inv_sqrt_2 = {
+(BN_ULONG *)inv_sqrt_2_val,
+OSSL_NELEM(inv_sqrt_2_val),
+OSSL_NELEM(inv_sqrt_2_val),
+0,
+BN_FLG_STATIC_DATA
+};
 
 /*
  * FIPS 186-4 Table B.1. "Min length of auxiliary primes p1, p2, q1, q2".
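Review bot: `# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo` has no parentheses around the expansion or its arguments; it happens to work here because it is only used with literal operands inside a braced initializer, but `((BN_ULONG)(hi) << 32 | (lo))` costs nothing and will not surprise the next user. The 256-bit constant itself checks out: 1/sqrt(2) is 0xB504F333F9DE6484597D89B3754ABE9F1D6F60BA893BA84CED17AC85833399154AFC..., so the last word 0x...83339916 is indeed the rounded-up value the comment promises, and rounding up is what keeps the lower bound on X conservative.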
@@ -221,9 +242,12 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, 
const BIGNUM *Xin,
 int i, imax;
 int bits = nlen >> 1;
 BIGNUM *tmp, *R, *r1r2x2, *y1, *r1x2;
+BIGNUM *base, *range;
 
 BN_CTX_start(ctx);
 
+base = BN_CTX_get(ctx);
+range = BN_CTX_get(ctx);
 R = BN_CTX_get(ctx);
 tmp = BN_CTX_get(ctx);
 r1r2x2 = BN_CTX_get(ctx);
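Review bot: `base` and `range` are obtained with BN_CTX_get() before the existing temporaries and are not NULL-checked in this hunk; that is fine under the BN_CTX convention that only the last BN_CTX_get() in a run needs checking (once one fails, all later calls return NULL), but confirm the later check still exists and is reached before `base` or `range` is dereferenced.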
@@ -235,6 +259,24 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, 
const BIGNUM *Xin,
 if (Xin != NULL && BN_copy(X, Xin) == NULL)
 goto err;
 
+/*
+ * We need to generate a random number X in the range
+ * 1/sqrt(2) * 2^(nlen/2) <= X < 2^(nlen/2).
+ * We can rewrite that as:
+ * base = 1/sqrt(2) * 2^(nlen/2)
+ * range = ((2^(nlen/2))) - (1/sqrt(2) * 2^(nlen/2))
+ * X = base + random(range)
+ * We only have the first 256 bit of 1/sqrt(2)
+ */
+if (Xin == NULL) {
+if (bits < BN_num_bits(_inv_sqrt_2))
+goto err;
+if (!BN_lshift(base, _inv_sqrt_2, bits - 
BN_num_bits(_inv_sqrt_2))
+|| !BN_lshift(range, BN_value_one(), bits)
+|| !BN_sub(range, range, base))
+goto err;
+}
+
 if (!(BN_lshift1(r1x2, r1)
 /* (Step 1) GCD(2r1, r2) = 1 */
 && BN_gcd(tmp, r1x2, r2, ctx)
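Review bot: the new block jumps to `goto err` on failure while the existing Step 3 code in the next hunk uses `goto end`; if both labels exist in this function, make sure `err` releases the BN_CTX frame the same way `end` does, and if they are the same cleanup, use one label. The `bits < BN_num_bits(&bn_inv_sqrt_2)` guard silently rejects nlen below 512, which is the right outcome but worth a comment since the error reason will not be obvious to a caller.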
@@ -257,16 +299,9 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, 
const BIGNUM *Xin,
 if (Xin == NULL) {
 /*
  * (Step 3) Choose Random X such that
- *sqrt(2) * 2^(nlen/2-1) < Random X < (2^(nlen/2)) - 1.
- *
- * For the lower bound:
- *   sqrt(2) * 2^(nlen/2 - 1) == sqrt(2)/2 * 2^(nlen/2)
- *   where sqrt(2)/2 = 0.70710678.. = 0.B504FC33F9DE...
- *   so largest number will have B5... as the top byte
- *   Setting the top 2 bits gives 0xC0.
+ *sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1.
  */
-if (!BN_priv_rand_ex(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
- ctx))
+if (!BN_priv_rand_range_ex(X, range, ctx) || !BN_add(X, X, base))
 goto end;
 }
 /* (Step 4) Y = X + ((R - X) mod 2r1r2) */
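Review bot: the rewritten Step 3 comment now reads `sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1` while the block comment added earlier in this file says `1/sqrt(2) * 2^(nlen/2) <= X < 2^(nlen/2)`; the two are equivalent for integers but should use the same form. The arithmetic is right: BN_priv_rand_range_ex() yields 0 <= X < range and adding `base` gives base <= X < 2^bits, so the top-two-bits hack and its 0xC0 explanation can go without losing coverage of the range.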
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
index d614504bc9..c4c0b6a95b 100644
--- a/crypto/rsa/rsa_sp800_56b_check.c
+++ b/crypto/rsa/rsa_sp800_56b_check.c
@@ -75,38 +75,41 @@ int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx)
  * See SP800-5bBr1 6.4.1.2.1 Part 5 (c) & (g) - used for both p and q.
  *
  * (√2)(2^(nbits/2 - 1) = (√2/2)(2^(nbits/2))
- * √2/2 = 0.707106781186547524400 = 0.B504F333F9DE6484597D8
- * 0.B504F334 gives an approximation to 11 decimal places.
- * The range is then from
- *   0xB504F334_...000 to
- *   0x_...FFF
  */
 int rsa_check_prime_factor_range(const BIGNUM *p,
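Review bot: the surviving context line `(√2)(2^(nbits/2 - 1) = (√2/2)(2^(nbits/2))` is missing a closing parenthesis after `- 1`; since the comment block below it is being rewritten in this hunk anyway, fix that line at the same time.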

[openssl] master update

2019-10-14 Thread Kurt Roeckx
The branch master has been updated
   via  42619397eb5db1a77d077250b0841b9c9f2b8984 (commit)
   via  6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe (commit)
  from  3103a616dc6b3150eaecaf767f268a647f6d (commit)


- Log -
commit 42619397eb5db1a77d077250b0841b9c9f2b8984
Author: Kurt Roeckx 
Date:   Sun Oct 6 17:21:16 2019 +0200

Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale 
GH: #9272

commit 6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe
Author: Kurt Roeckx 
Date:   Sun Oct 6 13:48:10 2019 +0200

Use fewer primes for the trial division

When using Miller-Rabin to test for primes, it can be faster to first
do trial divisions, but when doing too many trial divisions it gets
slower again. We reduce the number of trial divisions to a point that
gives better performance.


Based on research by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale 
GH: #9272

---

Summary of changes:
 apps/prime.c |   7 +--
 apps/s_client.c  |   6 +--
 crypto/bn/bn_depr.c  |   6 +--
 crypto/bn/bn_local.h |   3 ++
 crypto/bn/bn_prime.c | 114 +--
 crypto/bn/bn_rsa_fips186_4.c |  49 ++---
 crypto/bn/bn_x931p.c |   4 +-
 crypto/dh/dh_check.c |   8 ++-
 crypto/dsa/dsa_gen.c |  10 ++--
 crypto/rsa/rsa_chk.c |   6 +--
 crypto/rsa/rsa_sp800_56b_check.c |  10 ++--
 doc/man1/openssl-prime.pod   |   3 +-
 doc/man3/BN_generate_prime.pod   |  96 +++--
 include/openssl/bn.h |  29 +-
 include/openssl/dsa.h|   8 +--
 test/bntest.c|   4 +-
 test/ectest.c|  14 ++---
 util/libcrypto.num   |   5 +-
 18 files changed, 221 insertions(+), 161 deletions(-)

diff --git a/apps/prime.c b/apps/prime.c
index e00a3084a1..55cdad81a0 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -35,7 +35,7 @@ const OPTIONS prime_options[] = {
 int prime_main(int argc, char **argv)
 {
 BIGNUM *bn = NULL;
-int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
+int hex = 0, generate = 0, bits = 0, safe = 0, ret = 1;
 char *prog;
 OPTION_CHOICE o;
 
@@ -64,7 +64,8 @@ opthelp:
 safe = 1;
 break;
 case OPT_CHECKS:
-checks = atoi(opt_arg());
+/* ignore parameter and argument */
+opt_arg();
 break;
 }
 }
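Review bot: `OPT_CHECKS` now consumes its argument and silently discards it, so scripts that still pass `-checks N` get no indication that the value has stopped having any effect; print a one-line notice to stderr in this case (or flag the option as deprecated in the option table) in addition to the openssl-prime.pod update listed in the summary.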
@@ -121,7 +122,7 @@ opthelp:
 BN_print(bio_out, bn);
 BIO_printf(bio_out, " (%s) %s prime\n",
argv[0],
-   BN_is_prime_ex(bn, checks, NULL, NULL)
+   BN_check_prime(bn, NULL, NULL)
? "is" : "is not");
 }
 }
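Review bot: the ternary `BN_check_prime(bn, NULL, NULL) ? "is" : "is not"` treats a -1 error return as "is prime"; compare against 1 explicitly, as the s_client hunk in this same push does with `BN_check_prime(N, bn_ctx, NULL) == 1`, and report a failure when the call returns -1. The old BN_is_prime_ex() call had the same weakness, but replacing it is the moment to fix it.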
diff --git a/apps/s_client.c b/apps/s_client.c
index 016df7c657..392ab02234 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -272,8 +272,6 @@ typedef struct srp_arg_st {
 int strength;   /* minimal size for N */
 } SRP_ARG;
 
-# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-
 static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
 {
 BN_CTX *bn_ctx = BN_CTX_new();
@@ -281,10 +279,10 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const 
BIGNUM *g)
 BIGNUM *r = BN_new();
 int ret =
 g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
-BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 
&&
+BN_check_prime(N, bn_ctx, NULL) == 1 &&
 p != NULL && BN_rshift1(p, N) &&
 /* p = (N-1)/2 */
-BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 
&&
+BN_check_prime(p, bn_ctx, NULL) == 1 &&
 r != NULL &&
 /* verify g^((N-1)/2) == -1 (mod N) */
 BN_mod_exp(r, g, p, N, bn_ctx) &&
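Review bot: N and g here come from the peer, and this hunk replaces an explicit 64-round check with a call that picks the round count internally; since the justification in the commit message is that the new API cannot be misused, add a short comment at this call site saying that BN_check_prime() chooses an error bound suitable for untrusted input, so the removal of SRP_NUMBER_ITERATIONS_FOR_PRIME does not read as a weakening to the next person auditing the SRP path.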
diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
index 18d02d894e..4dbbdc3814 100644
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -52,7 +52,7 @@ int BN_is_prime(const BIGNUM *a, int checks,
 {
 BN_GENCB cb;
 BN_GENCB_set_old(, callback, cb_arg);
-return BN_is_prime_ex(a, checks, ctx_passed, );
+return bn_check_prime_int(a, checks, ctx_passed, 0, );
 }
 
 int BN_is_prime_fasttest(const BIGNUM *a, int checks,
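Review bot: the bare `0` passed as the fourth argument to bn_check_prime_int() is unexplained at the call site; annotate it with the parameter's meaning. Note also that the deprecated BN_is_prime() still forwards the caller's `checks` value unchanged, so the misuse the new API is meant to rule out remains reachable through this wrapper until it is removed; the deprecation comment for these functions should say so.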
@@ -62,7 +62,7 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
 {
 BN_GENCB cb;
 BN_GENCB_set_old(, callback, cb_arg);
-return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
-

[openssl] OpenSSL_1_1_1-stable update

2019-09-30 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  eee565ec4b8509b53ee280e8f37243bc5cb5f535 (commit)
  from  b6390e8460058b89a9cced913f9d627817c80f84 (commit)


- Log -
commit eee565ec4b8509b53ee280e8f37243bc5cb5f535
Author: Kurt Roeckx 
Date:   Sat Sep 28 14:59:32 2019 +0200

Add defines for __NR_getrandom for all Linux architectures

Fixes: #10015

Reviewed-by: Bernd Edlinger 
GH: #10044
(cherry picked from commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02)

---

Summary of changes:
 crypto/rand/rand_unix.c | 52 ++---
 1 file changed, 49 insertions(+), 3 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 2997d3ee62..f88470d35f 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -282,12 +282,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
 #  if defined(OPENSSL_RAND_SEED_GETRANDOM)
 
 #   if defined(__linux) && !defined(__NR_getrandom)
-#if defined(__arm__) && defined(__NR_SYSCALL_BASE)
+#if defined(__arm__)
 # define __NR_getrandom(__NR_SYSCALL_BASE+384)
 #elif defined(__i386__)
 # define __NR_getrandom355
-#elif defined(__x86_64__) && !defined(__ILP32__)
-# define __NR_getrandom318
+#elif defined(__x86_64__)
+# if defined(__ILP32__)
+#  define __NR_getrandom   (__X32_SYSCALL_BIT + 318)
+# else
+#  define __NR_getrandom   318
+# endif
+#elif defined(__xtensa__)
+# define __NR_getrandom338
+#elif defined(__s390__) || defined(__s390x__)
+# define __NR_getrandom349
+#elif defined(__bfin__)
+# define __NR_getrandom389
+#elif defined(__powerpc__)
+# define __NR_getrandom359
+#elif defined(__mips__) || defined(__mips64)
+# if _MIPS_SIM == _MIPS_SIM_ABI32
+#  define __NR_getrandom   (__NR_Linux + 353)
+# elif _MIPS_SIM == _MIPS_SIM_ABI64
+#  define __NR_getrandom   (__NR_Linux + 313)
+# elif _MIPS_SIM == _MIPS_SIM_NABI32
+#  define __NR_getrandom   (__NR_Linux + 317)
+# endif
+#elif defined(__hppa__)
+# define __NR_getrandom(__NR_Linux + 339)
+#elif defined(__sparc__)
+# define __NR_getrandom347
+#elif defined(__ia64__)
+# define __NR_getrandom1339
+#elif defined(__alpha__)
+# define __NR_getrandom511
+#elif defined(__sh__)
+# if defined(__SH5__)
+#  define __NR_getrandom   373
+# else
+#  define __NR_getrandom   384
+# endif
+#elif defined(__avr32__)
+# define __NR_getrandom317
+#elif defined(__microblaze__)
+# define __NR_getrandom385
+#elif defined(__m68k__)
+# define __NR_getrandom352
+#elif defined(__cris__)
+# define __NR_getrandom356
+#elif defined(__aarch64__)
+# define __NR_getrandom278
+#else /* generic */
+# define __NR_getrandom278
 #endif
 #   endif
 
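Review bot: the `__arm__` branch dropped the `defined(__NR_SYSCALL_BASE)` test yet still expands to `(__NR_SYSCALL_BASE+384)`; on an ARM toolchain whose headers do not define that macro, `__NR_getrandom` now expands to an undeclared identifier at the syscall site instead of being left undefined, so keep `#if defined(__arm__) && defined(__NR_SYSCALL_BASE)`. The `#else /* generic */` arm assumes every architecture not listed uses the asm-generic table; a wrong number there is not a compile error but a different syscall at runtime, so consider limiting the fallback to architectures known to use the generic table and leaving `__NR_getrandom` undefined otherwise.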


[openssl] master update

2019-09-30 Thread Kurt Roeckx
The branch master has been updated
   via  4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 (commit)
  from  dfe1752c8414840b25bf094db2f24f810fefce85 (commit)


- Log -
commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
Author: Kurt Roeckx 
Date:   Sat Sep 28 14:59:32 2019 +0200

Add defines for __NR_getrandom for all Linux architectures

Fixes: #10015

Reviewed-by: Bernd Edlinger 
GH: #10044

---

Summary of changes:
 crypto/rand/rand_unix.c | 52 ++---
 1 file changed, 49 insertions(+), 3 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 8ed40236fd..7f3ea30e33 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -261,12 +261,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
 #  if defined(OPENSSL_RAND_SEED_GETRANDOM)
 
 #   if defined(__linux) && !defined(__NR_getrandom)
-#if defined(__arm__) && defined(__NR_SYSCALL_BASE)
+#if defined(__arm__)
 # define __NR_getrandom(__NR_SYSCALL_BASE+384)
 #elif defined(__i386__)
 # define __NR_getrandom355
-#elif defined(__x86_64__) && !defined(__ILP32__)
-# define __NR_getrandom318
+#elif defined(__x86_64__)
+# if defined(__ILP32__)
+#  define __NR_getrandom   (__X32_SYSCALL_BIT + 318)
+# else
+#  define __NR_getrandom   318
+# endif
+#elif defined(__xtensa__)
+# define __NR_getrandom338
+#elif defined(__s390__) || defined(__s390x__)
+# define __NR_getrandom349
+#elif defined(__bfin__)
+# define __NR_getrandom389
+#elif defined(__powerpc__)
+# define __NR_getrandom359
+#elif defined(__mips__) || defined(__mips64)
+# if _MIPS_SIM == _MIPS_SIM_ABI32
+#  define __NR_getrandom   (__NR_Linux + 353)
+# elif _MIPS_SIM == _MIPS_SIM_ABI64
+#  define __NR_getrandom   (__NR_Linux + 313)
+# elif _MIPS_SIM == _MIPS_SIM_NABI32
+#  define __NR_getrandom   (__NR_Linux + 317)
+# endif
+#elif defined(__hppa__)
+# define __NR_getrandom(__NR_Linux + 339)
+#elif defined(__sparc__)
+# define __NR_getrandom347
+#elif defined(__ia64__)
+# define __NR_getrandom1339
+#elif defined(__alpha__)
+# define __NR_getrandom511
+#elif defined(__sh__)
+# if defined(__SH5__)
+#  define __NR_getrandom   373
+# else
+#  define __NR_getrandom   384
+# endif
+#elif defined(__avr32__)
+# define __NR_getrandom317
+#elif defined(__microblaze__)
+# define __NR_getrandom385
+#elif defined(__m68k__)
+# define __NR_getrandom352
+#elif defined(__cris__)
+# define __NR_getrandom356
+#elif defined(__aarch64__)
+# define __NR_getrandom278
+#else /* generic */
+# define __NR_getrandom278
 #endif
 #   endif
 
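Review bot: in the `__mips__` branch, if `_MIPS_SIM` matches none of `_MIPS_SIM_ABI32`, `_MIPS_SIM_ABI64` or `_MIPS_SIM_NABI32`, no `__NR_getrandom` is defined at all and nothing in the hunk diagnoses it; add a `# else` with `# error` so an unexpected ABI fails loudly rather than silently. The `__aarch64__` case defines the same 278 as the `#else /* generic */` fallback, so either drop it or add a comment saying it is listed explicitly on purpose.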


[openssl] OpenSSL_1_1_1-stable update

2019-09-21 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  c8d66837ad4f6b5be5b8b291753900de977f1dd1 (commit)
  from  58f0a4f16b6e7f876f8ba68e4e850304a729cd5c (commit)


- Log -
commit c8d66837ad4f6b5be5b8b291753900de977f1dd1
Author: Kurt Roeckx 
Date:   Fri Sep 20 20:26:42 2019 +0200

Use the correct maximum indent

Found by OSS-Fuzz

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 

GH: #9959
(cherry picked from commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d)

---

Summary of changes:
 crypto/bio/b_dump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index 0d06414e7d..45f1c523ce 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t 
len, void *u),
 
 if (indent < 0)
 indent = 0;
-else if (indent > 128)
-indent = 128;
+else if (indent > 64)
+indent = 64;
 
 dump_width = DUMP_WIDTH_LESS_INDENT(indent);
 rows = len / dump_width;
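Review bot: 64 is a magic number here; the lines that follow derive `dump_width` from `DUMP_WIDTH_LESS_INDENT(indent)` and then divide `len` by it, so the clamp and that macro must agree or `dump_width` can reach zero. Define the limit as a named constant next to the macro, use it in both places, and add a comment on why 64 is the bound, so a future width change cannot silently undo this fix.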


[openssl] master update

2019-09-21 Thread Kurt Roeckx
The branch master has been updated
   via  a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d (commit)
  from  ec87a649dd2128bde780f6e34a4833d9469f6b4d (commit)


- Log -
commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d
Author: Kurt Roeckx 
Date:   Fri Sep 20 20:26:42 2019 +0200

Use the correct maximum indent

Found by OSS-Fuzz

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 

GH: #9959

---

Summary of changes:
 crypto/bio/b_dump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index e4ad3615f4..018c4acb27 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -37,8 +37,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t 
len, void *u),
 
 if (indent < 0)
 indent = 0;
-else if (indent > 128)
-indent = 128;
+else if (indent > 64)
+indent = 64;
 
 dump_width = DUMP_WIDTH_LESS_INDENT(indent);
 rows = len / dump_width;
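Review bot: a regression test calling BIO_dump_indent_cb() with indent values of 64, 65 and 128 (the old limit) would pin this fix down; the summary shows only crypto/bio/b_dump.c changed, and a fuzzer-found input deserves a deterministic test alongside the one-line fix.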


[openssl] master update

2019-09-18 Thread Kurt Roeckx
The branch master has been updated
   via  639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit)
  from  a74b2eda2fcc386e85c6f859729631b0642c4ee6 (commit)


- Log -
commit 639b53ecd82648fbb66a2ab7dabece7f15a1f730
Author: Brian Chen 
Date:   Tue May 7 04:05:44 2019 -0400

Update fuzzing README for recent clang versions

Recent clang versions ship with libfuzzer, so there's no need to build
libfuzzer yourself. They also have a dedicated -fsanitize=fuzzer-no-link
flag and no longer support the sanitize flags described in the fuzzing
README. Update it to reflect all this.

Fixes #8768.

Reviewed-by: Matt Caswell 
Reviewed-by: Kurt Roeckx 

GH: #8891

---

Summary of changes:
 fuzz/README.md | 75 +-
 1 file changed, 43 insertions(+), 32 deletions(-)

diff --git a/fuzz/README.md b/fuzz/README.md
index 8e7c48d45e..dadf874691 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -3,57 +3,68 @@
 LibFuzzer
 =
 
-Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html).
+How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html),
+starting from a vanilla+OpenSSH server Ubuntu install.
 
-Starting from a vanilla+OpenSSH server Ubuntu install.
+With `clang` from a package manager
+---
 
-Use Chrome's handy recent build of clang. Older versions may also work.
+Install `clang`, which [ships with 
`libfuzzer`](http://llvm.org/docs/LibFuzzer.html#fuzzer-usage)
+since version 6.0:
 
-$ sudo apt-get install git
-$ mkdir git-work
-$ git clone https://chromium.googlesource.com/chromium/src/tools/clang
-$ clang/scripts/update.py
+$ sudo apt-get install clang
 
-You may want to git pull and re-run the update from time to time.
-
-Update your path:
-
-$ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH
-
-Get and build libFuzzer (there is a git mirror at
-https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
-
-$ cd
-$ sudo apt-get install subversion
-$ mkdir svn-work
-$ cd svn-work
-$ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer 
Fuzzer
-$ cd Fuzzer
-$ clang++ -c -g -O2 -std=c++11 *.cpp
-$ ar r libFuzzer.a *.o
-$ ranlib libFuzzer.a
-
-Configure for fuzzing:
+Configure `openssl` for fuzzing. For now, you'll still need to pass in the path
+to the `libFuzzer` library file while configuring; this is represented as
+`$PATH_TO_LIBFUZZER` below. A typical value would be
+`/usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a`.
 
 $ CC=clang ./config enable-fuzz-libfuzzer \
---with-fuzzer-include=../../svn-work/Fuzzer \
---with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \
+--with-fuzzer-lib=$PATH_TO_LIBFUZZER \
 -DPEDANTIC enable-asan enable-ubsan no-shared \
 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
--fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \
-enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \
+-fsanitize=fuzzer-no-link \
+enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
 enable-weak-ssl-ciphers enable-rc5 enable-md2 \
 enable-ssl3 enable-ssl3-method enable-nextprotoneg \
 --debug
+
+Compile:
+
 $ sudo apt-get install make
 $ LDCMD=clang++ make -j
+
+Finally, perform the actual fuzzing:
+
 $ fuzz/helper.py $FUZZER
 
-Where $FUZZER is one of the executables in `fuzz/`.
+where $FUZZER is one of the executables in `fuzz/`.
 
 If you get a crash, you should find a corresponding input file in
 `fuzz/corpora/$FUZZER-crash/`.
 
+With `clang` from source/pre-built binaries
+---
+
+You may also wish to use a pre-built binary from the [LLVM Download
+site](http://releases.llvm.org/download.html), or to [build `clang` from
+source](https://clang.llvm.org/get_started.html). After adding `clang` to your
+path and locating the `libfuzzer` library file, the procedure for configuring
+fuzzing is the same, except that you also need to specify
+a `--with-fuzzer-include` option, which should be the parent directory of the
+prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below.
+
+$ CC=clang ./config enable-fuzz-libfuzzer \
+--with-fuzzer-include=$PATH_TO_LIBFUZZER_DIR \
+--with-fuzzer-lib=$PATH_TO_LIBFUZZER \
+-DPEDANTIC enable-asan enable-ubsan no-shared \
+-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
+-fsanitize=fuzzer-no-link \
+enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \
+enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+enable-ssl3
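Review bot: the second `./config` block (under "With `clang` from source/pre-built binaries") ends at `enable-ssl3` and omits the `enable-ssl3-method enable-nextprotoneg --debug` that the first block passes; if the two are meant to differ only by `--with-fuzzer-include`, make the flag lists identical, otherwise say why they differ. The example path `/usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a` will go stale with the next clang release; suggest a way to locate it on the reader's install (for example `clang -print-file-name=libclang_rt.fuzzer-x86_64.a`) or at least note that the version component must be adjusted.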

[openssl] master update

2019-07-16 Thread Kurt Roeckx
The branch master has been updated
   via  e3a0d367299ee9f384ef912c644dbb5ef195798d (commit)
  from  da0201814380144151293811e9cd63732e0e0c3e (commit)


- Log -
commit e3a0d367299ee9f384ef912c644dbb5ef195798d
Author: Kurt Roeckx 
Date:   Sun Jul 7 11:04:32 2019 +0200

Auto add a label depending on the type of issue they report.

Reviewed-by: Richard Levitte 
GH: #9319

---

Summary of changes:
 .github/ISSUE_TEMPLATE/bug_report.md  | 1 +
 .github/ISSUE_TEMPLATE/feature_request.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md 
b/.github/ISSUE_TEMPLATE/bug_report.md
index 0d6d219..80d60c5 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,5 +1,6 @@
 ---
 name: Bug report
+labels: bug
 about: Report a defect in the software
 
 ---
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md 
b/.github/ISSUE_TEMPLATE/feature_request.md
index 9e5565e..27d66e6 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,5 +1,6 @@
 ---
 name: Feature request
+labels: feature
 about: Propose a feature you would like to see added in the software
 
 ---


[openssl] master update

2019-06-06 Thread Kurt Roeckx
The branch master has been updated
   via  7ed66e2634e6cfbb16a1ef975572e79a479217a8 (commit)
   via  be5fc053ed40bb714944f93e2d35265d2096f71f (commit)
  from  e6071f29c24cd22ac7857bf88917598265cc90a9 (commit)


- Log -
commit 7ed66e2634e6cfbb16a1ef975572e79a479217a8
Author: Kurt Roeckx 
Date:   Wed Dec 19 00:36:40 2018 +0100

Change EVP_MAC method from copy to dup

Reviewed-by: Tomas Mraz 
GH: #7651

commit be5fc053ed40bb714944f93e2d35265d2096f71f
Author: Kurt Roeckx 
Date:   Sun Nov 4 19:16:20 2018 +0100

Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()

Reviewed-by: Tomas Mraz 
GH: #7651

---

Summary of changes:
 crypto/blake2/blake2b_mac.c   | 12 ++--
 crypto/blake2/blake2s_mac.c   | 12 ++--
 crypto/cmac/cm_meth.c | 18 
 crypto/err/openssl.txt|  3 +-
 crypto/evp/evp_err.c  |  3 +-
 crypto/evp/mac_lib.c  | 24 ++-
 crypto/evp/pkey_mac.c | 46 ++---
 crypto/gmac/gmac.c| 18 ++--
 crypto/hmac/hm_meth.c | 19 
 crypto/include/internal/evp_int.h |  2 +-
 crypto/kdf/sskdf.c|  8 +++--
 crypto/kdf/tls1_prf.c | 21 +-
 crypto/kmac/kmac.c| 19 +---
 crypto/modes/modes_lcl.h  |  1 -
 crypto/modes/siv128.c | 61 +++
 crypto/poly1305/poly1305_meth.c   | 12 ++--
 crypto/siphash/siphash_meth.c | 13 +++--
 doc/man3/EVP_MAC.pod  | 21 +++---
 include/openssl/evp.h |  2 +-
 include/openssl/evperr.h  |  3 +-
 util/libcrypto.num|  2 +-
 21 files changed, 215 insertions(+), 105 deletions(-)

diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c
index b38e9b8..f6025b1 100644
--- a/crypto/blake2/blake2b_mac.c
+++ b/crypto/blake2/blake2b_mac.c
@@ -39,10 +39,16 @@ static void blake2b_mac_free(EVP_MAC_IMPL *macctx)
 }
 }
 
-static int blake2b_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src)
+static EVP_MAC_IMPL *blake2b_mac_dup(const EVP_MAC_IMPL *src)
 {
+EVP_MAC_IMPL *dst;
+
+dst = OPENSSL_zalloc(sizeof(*dst));
+if (dst == NULL)
+return NULL;
+
 *dst = *src;
-return 1;
+return dst;
 }
 
 static int blake2b_mac_init(EVP_MAC_IMPL *macctx)
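Review bot: `*dst = *src` is a shallow copy, so blake2b_mac_dup() is correct only if EVP_MAC_IMPL holds no owned pointers; blake2b_mac_free() just above has a nested block, which suggests it releases something beyond the struct itself, so confirm that whatever it frees is not shared between src and dst after the copy (otherwise freeing one context leaves the other dangling). A comment stating that the BLAKE2 state is embedded by value would settle this for future readers.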
@@ -177,7 +183,7 @@ static size_t blake2b_mac_size(EVP_MAC_IMPL *macctx)
 const EVP_MAC blake2b_mac_meth = {
 EVP_MAC_BLAKE2B,
 blake2b_mac_new,
-blake2b_mac_copy,
+blake2b_mac_dup,
 blake2b_mac_free,
 blake2b_mac_size,
 blake2b_mac_init,
diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c
index 04dbf4e..9ce8db1 100644
--- a/crypto/blake2/blake2s_mac.c
+++ b/crypto/blake2/blake2s_mac.c
@@ -39,10 +39,16 @@ static void blake2s_mac_free(EVP_MAC_IMPL *macctx)
 }
 }
 
-static int blake2s_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src)
+static EVP_MAC_IMPL *blake2s_mac_dup(const EVP_MAC_IMPL *src)
 {
+EVP_MAC_IMPL *dst;
+
+dst = OPENSSL_malloc(sizeof(*dst));
+if (dst == NULL)
+return NULL;
+
 *dst = *src;
-return 1;
+return dst;
 }
 
 static int blake2s_mac_init(EVP_MAC_IMPL *macctx)
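Review bot: blake2s_mac_dup() allocates with OPENSSL_malloc() while the otherwise identical blake2b_mac_dup() in this same push uses OPENSSL_zalloc(); since `*dst = *src` overwrites the whole struct, both work, but the two files should match, and zalloc is the safer default if a field is ever added after the copy.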
@@ -177,7 +183,7 @@ static size_t blake2s_mac_size(EVP_MAC_IMPL *macctx)
 const EVP_MAC blake2s_mac_meth = {
 EVP_MAC_BLAKE2S,
 blake2s_mac_new,
-blake2s_mac_copy,
+blake2s_mac_dup,
 blake2s_mac_free,
 blake2s_mac_size,
 blake2s_mac_init,
diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c
index 3f20e6c..07acf05 100644
--- a/crypto/cmac/cm_meth.c
+++ b/crypto/cmac/cm_meth.c
@@ -46,14 +46,22 @@ static void cmac_free(EVP_MAC_IMPL *cctx)
 }
 }
 
-static int cmac_copy(EVP_MAC_IMPL *cdst, EVP_MAC_IMPL *csrc)
+static EVP_MAC_IMPL *cmac_dup(const EVP_MAC_IMPL *csrc)
 {
-if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx))
-return 0;
+EVP_MAC_IMPL *cdst = cmac_new();
+
+if (cdst == NULL)
+return NULL;
+
+if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx)) {
+cmac_free(cdst);
+return NULL;
+}
 
 cdst->tmpengine = csrc->tmpengine;
 cdst->tmpcipher = csrc->tmpcipher;
-return 1;
+
+return cdst;
 }
 
 static size_t cmac_size(EVP_MAC_IMPL *cctx)
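Review bot: cmac_dup() copies `tmpengine` and `tmpcipher` as raw pointers, and cmac_free() is now called on the copy both in the CMAC_CTX_copy() error path and at the end of the copy's life; confirm these are borrowed references that cmac_free() does not release (or take a reference for the copy) and say so in a comment next to the two assignments. The cleanup on CMAC_CTX_copy() failure is right.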
@@ -153,7 +161,7 @@ static int cmac_ctrl_str(EVP_MAC_IMPL *cctx, const char 
*type,
 const EVP_MAC cmac_meth = {
 EVP_MAC_CMAC,
 cmac_new,
-cmac_copy,
+cmac_dup,
 cmac_free,
 cmac_size,
 cmac_init,
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 72057ac..3fb8c96 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -809,7 +809,7 @@ EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new
 EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id
 EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl
 EV

[openssl] OpenSSL_1_0_2-stable update

2019-05-21 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  0f283c9a665c5dc5cd2b89a3373da34f144ebd64 (commit)
  from  cea83f9f7825309379db3fea77f19edf0c5b1e13 (commit)


- Log -
commit 0f283c9a665c5dc5cd2b89a3373da34f144ebd64
Author: Kurt Roeckx 
Date:   Sat Apr 13 12:32:48 2019 +0200

Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger 
Reviewed-by: Richard Levitte 
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)

---

Summary of changes:
 CHANGES| 6 ++
 crypto/dh/dh_pmeth.c   | 2 +-
 crypto/dsa/dsa_pmeth.c | 8 
 crypto/rsa/rsa_pmeth.c | 2 +-
 doc/apps/genpkey.pod   | 8 
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index 78c7b59..38864c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,12 @@
 
  Changes between 1.0.2r and 1.0.2s [xx XXX ]
 
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+ This changes the size when using the genpkey app when no size is given. It
+ fixes an omission in earlier changes that changed all RSA, DSA and DH
+ generation apps to use 2048 bits by default.
+ [Kurt Roeckx]
+
   *) Add FIPS support for Android Arm 64-bit
 
  Support for Android Arm 64-bit was added to the OpenSSL FIPS Object 
Module in
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 162753a..30777c8 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -101,7 +101,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
 if (!dctx)
 return 0;
-dctx->prime_len = 1024;
+dctx->prime_len = 2048;
 dctx->subprime_len = -1;
 dctx->generator = 2;
 dctx->use_dsa = 0;
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 7f00e97..51e382d 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -69,8 +69,8 @@
 
 typedef struct {
 /* Parameter gen parameters */
-int nbits;  /* size of p in bits (default: 1024) */
-int qbits;  /* size of q in bits (default: 160) */
+int nbits;  /* size of p in bits (default: 2048) */
+int qbits;  /* size of q in bits (default: 224) */
 const EVP_MD *pmd;  /* MD for parameter generation */
 /* Keygen callback info */
 int gentmp[2];
@@ -84,8 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
 if (!dctx)
 return 0;
-dctx->nbits = 1024;
-dctx->qbits = 160;
+dctx->nbits = 2048;
+dctx->qbits = 224;
 dctx->pmd = NULL;
 dctx->md = NULL;
 
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 00e730f..b0a51ee 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -103,7 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
 if (!rctx)
 return 0;
-rctx->nbits = 1024;
+rctx->nbits = 2048;
 rctx->pub_exp = NULL;
 rctx->pad_mode = RSA_PKCS1_PADDING;
 rctx->md = NULL;
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
index 2e24400..2a86c68 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@@ -111,7 +111,7 @@ below.
 
 =item B
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B
 
@@ -149,12 +149,12 @@ below.
 
 =item B
 
-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.
 
 =item B
 
 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.
 
 =item B
 
@@ -173,7 +173,7 @@ or B if it is 256.
 
 =item B
 
-The number of bits in the prime parameter B. The default is 1024.
+The number of bits in the prime parameter B. The default is 2048.
 
 =item B
 


[openssl] OpenSSL_1_1_0-stable update

2019-05-21 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  ccbf148e30c5cb5f595c5d9e713c68768fe84248 (commit)
  from  3b5a079d6b454d6d46279e2d56d625495c597633 (commit)


- Log -
commit ccbf148e30c5cb5f595c5d9e713c68768fe84248
Author: Kurt Roeckx 
Date:   Sat Apr 13 12:32:48 2019 +0200

Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger 
Reviewed-by: Richard Levitte 
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)

---

Summary of changes:
 CHANGES| 6 ++
 crypto/dh/dh_pmeth.c   | 2 +-
 crypto/dsa/dsa_pmeth.c | 8 
 crypto/rsa/rsa_pmeth.c | 2 +-
 doc/apps/genpkey.pod   | 8 
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index d0b6fd7..de7a8a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,12 @@
 
  Changes between 1.1.0j and 1.1.0k [xx XXX ]
 
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+ This changes the size when using the genpkey app when no size is given. It
+ fixes an omission in earlier changes that changed all RSA, DSA and DH
+ generation apps to use 2048 bits by default.
+ [Kurt Roeckx]
+
   *) Added SCA hardening for modular field inversion in EC_GROUP through
  a new dedicated field_inv() pointer in EC_METHOD.
  This also addresses a leakage affecting conversions from projective
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index c3e03c7..4b9e981 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -51,7 +51,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 dctx = OPENSSL_zalloc(sizeof(*dctx));
 if (dctx == NULL)
 return 0;
-dctx->prime_len = 1024;
+dctx->prime_len = 2048;
 dctx->subprime_len = -1;
 dctx->generator = 2;
 dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index d606316..f5ba5fd 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -20,8 +20,8 @@
 
 typedef struct {
 /* Parameter gen parameters */
-int nbits;  /* size of p in bits (default: 1024) */
-int qbits;  /* size of q in bits (default: 160) */
+int nbits;  /* size of p in bits (default: 2048) */
+int qbits;  /* size of q in bits (default: 224) */
 const EVP_MD *pmd;  /* MD for parameter generation */
 /* Keygen callback info */
 int gentmp[2];
@@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 dctx = OPENSSL_malloc(sizeof(*dctx));
 if (dctx == NULL)
 return 0;
-dctx->nbits = 1024;
-dctx->qbits = 160;
+dctx->nbits = 2048;
+dctx->qbits = 224;
 dctx->pmd = NULL;
 dctx->md = NULL;
 
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 2d1dffb..0037b91 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -48,7 +48,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 rctx = OPENSSL_zalloc(sizeof(*rctx));
 if (rctx == NULL)
 return 0;
-rctx->nbits = 1024;
+rctx->nbits = 2048;
 rctx->pad_mode = RSA_PKCS1_PADDING;
 rctx->saltlen = -2;
 ctx->data = rctx;
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
index 91b12e2..27fee6e 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@@ -116,7 +116,7 @@ below.
 
 =item B
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B
 
@@ -154,12 +154,12 @@ below.
 
 =item B
 
-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.
 
 =item B
 
 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.
 
 =item B
 
@@ -178,7 +178,7 @@ or B if it is 256.
 
 =item B
 
-The number of bits in the prime parameter B. The default is 1024.
+The number of bits in the prime parameter B. The default is 2048.
 
 =item B
 


[openssl] OpenSSL_1_1_1-stable update

2019-05-21 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  408cb4c88875e70dcb6acfceb8e1a74714e26be4 (commit)
  from  3ae3c38825d16fc1fb68abed1fa65975c0e73377 (commit)


- Log -
commit 408cb4c88875e70dcb6acfceb8e1a74714e26be4
Author: Kurt Roeckx 
Date:   Sat Apr 13 12:32:48 2019 +0200

Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger 
Reviewed-by: Richard Levitte 
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)

---

Summary of changes:
 CHANGES| 6 +-
 crypto/dh/dh_pmeth.c   | 2 +-
 crypto/dsa/dsa_pmeth.c | 8 
 crypto/rsa/rsa_pmeth.c | 2 +-
 doc/man1/genpkey.pod   | 8 
 5 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index f58022b..53f8563 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,11 @@
 
  Changes between 1.1.1b and 1.1.1c [xx XXX ]
 
-  *)
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+ This changes the size when using the genpkey app when no size is given. It
+ fixes an omission in earlier changes that changed all RSA, DSA and DH
+ generation apps to use 2048 bits by default.
+ [Kurt Roeckx]
 
  Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
 
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index cce2d9e..0373778 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
 return 0;
 }
-dctx->prime_len = 1024;
+dctx->prime_len = 2048;
 dctx->subprime_len = -1;
 dctx->generator = 2;
 dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index b4ee5a7..dedbe5e 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -20,8 +20,8 @@
 
 typedef struct {
 /* Parameter gen parameters */
-int nbits;  /* size of p in bits (default: 1024) */
-int qbits;  /* size of q in bits (default: 160) */
+int nbits;  /* size of p in bits (default: 2048) */
+int qbits;  /* size of q in bits (default: 224) */
 const EVP_MD *pmd;  /* MD for parameter generation */
 /* Keygen callback info */
 int gentmp[2];
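Review bot: the DSA defaults now appear twice, in the struct comments here and again in pkey_dsa_init() in the next hunk (`dctx->nbits = 2048;` and `dctx->qbits = 224;`); a pair of macros for the default p and q sizes used in both places would keep comment and code from drifting, instead of requiring the old 1024/160 values to be edited in two hunks.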
@@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 
 if (dctx == NULL)
 return 0;
-dctx->nbits = 1024;
-dctx->qbits = 160;
+dctx->nbits = 2048;
+dctx->qbits = 224;
 dctx->pmd = NULL;
 dctx->md = NULL;
 
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 5c0efc8..082ab8f 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -56,7 +56,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 
 if (rctx == NULL)
 return 0;
-rctx->nbits = 1024;
+rctx->nbits = 2048;
 rctx->primes = RSA_DEFAULT_PRIME_NUM;
 if (pkey_ctx_is_pss(ctx))
 rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index 202e531..e7eee5e 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -118,7 +118,7 @@ or ED448 algorithms.
 
 =item B
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B
 
@@ -185,12 +185,12 @@ below.
 
 =item B
 
-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.
 
 =item B
 
 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.
 
 =item B
 
@@ -209,7 +209,7 @@ or B if it is 256.
 
 =item B
 
-The number of bits in the prime parameter B. The default is 1024.
+The number of bits in the prime parameter B. The default is 2048.
 
 =item B
 


[openssl] master update

2019-05-21 Thread Kurt Roeckx
The branch master has been updated
   via  70b0b977f73cd70e17538af3095d18e0cf59132e (commit)
  from  2c23689402f1894861519d0c1ad762a3e52f4677 (commit)


- Log -
commit 70b0b977f73cd70e17538af3095d18e0cf59132e
Author: Kurt Roeckx 
Date:   Sat Apr 13 12:32:48 2019 +0200

Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger 
Reviewed-by: Richard Levitte 
GH: #8741

---

Summary of changes:
 CHANGES| 6 ++
 crypto/dh/dh_pmeth.c   | 2 +-
 crypto/dsa/dsa_pmeth.c | 8 
 crypto/rsa/rsa_pmeth.c | 2 +-
 doc/man1/genpkey.pod   | 8 
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index a5d6950..86da7f1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,12 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX ]
 
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+ This changes the size when using the genpkey app when no size is given. It
+ fixes an omission in earlier changes that changed all RSA, DSA and DH
+ generation apps to use 2048 bits by default.
+ [Kurt Roeckx]
+
   *) Added command 'openssl kdf' that uses the EVP_KDF API.
  [Shane Lontis]
 
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 3497915..f630fd3 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
 return 0;
 }
-dctx->prime_len = 1024;
+dctx->prime_len = 2048;
 dctx->subprime_len = -1;
 dctx->generator = 2;
 dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
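Review bot: only doc/man1/genpkey.pod appears in the summary of changes, yet this hunk changes the default seen through the EVP_PKEY_CTX API, not just through the genpkey app; the man3 page that documents EVP_PKEY_CTX_set_dh_paramgen_prime_len() (and the DSA/RSA bit-length controls touched in the next hunks) also describes a default, so it should be updated in the same commit if it still says 1024.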
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index cfba91c..0916f97 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -20,8 +20,8 @@
 
 typedef struct {
 /* Parameter gen parameters */
-int nbits;  /* size of p in bits (default: 1024) */
-int qbits;  /* size of q in bits (default: 160) */
+int nbits;  /* size of p in bits (default: 2048) */
+int qbits;  /* size of q in bits (default: 224) */
 const EVP_MD *pmd;  /* MD for parameter generation */
 /* Keygen callback info */
 int gentmp[2];
@@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
 
 if (dctx == NULL)
 return 0;
-dctx->nbits = 1024;
-dctx->qbits = 160;
+dctx->nbits = 2048;
+dctx->qbits = 224;
 dctx->pmd = NULL;
 dctx->md = NULL;
 
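Review bot: with `dctx->pmd` left NULL the parameter-generation digest is selected from `qbits` (the genpkey.pod context below, "or B if it is 256", documents that rule), so raising the default to 224 silently changes the default digest as well as the q size; worth a sentence in the commit message. No test file is listed in the summary of changes, so a test exercising the new (2048, 224) default through genpkey would guard this combination.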
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 3d3e971..bd0870b 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -56,7 +56,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 
 if (rctx == NULL)
 return 0;
-rctx->nbits = 1024;
+rctx->nbits = 2048;
 rctx->primes = RSA_DEFAULT_PRIME_NUM;
 if (pkey_ctx_is_pss(ctx))
 rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index 1774974..e418c13 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -118,7 +118,7 @@ or ED448 algorithms.
 
 =item B
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B
 
@@ -185,12 +185,12 @@ below.
 
 =item B
 
-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.
 
 =item B
 
 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.
 
 =item B
 
@@ -209,7 +209,7 @@ or B if it is 256.
 
 =item B
 
-The number of bits in the prime parameter B. The default is 1024.
+The number of bits in the prime parameter B. The default is 2048.
 
 =item B
 


[web] master update

2019-05-12 Thread Kurt Roeckx
The branch master has been updated
   via  b506b4fae6ec2661f12c2ae522c83c2f4fc051b3 (commit)
   via  947d03ee10750815f8cf7a2e597dfb6441857295 (commit)
  from  5ea7530ac9bea4482635ec821e5babff35aec8c7 (commit)


- Log -
commit b506b4fae6ec2661f12c2ae522c83c2f4fc051b3
Author: Kurt Roeckx 
Date:   Sat Dec 8 20:12:01 2018 +0100

Update security policy

commit 947d03ee10750815f8cf7a2e597dfb6441857295
Author: Mark J. Cox 
Date:   Thu Nov 29 15:27:27 2018 +

Discussed at the OMC face to face that we should make it clear what things 
we consider in and out of scope of being OpenSSL vulnerabilities and therefore 
what we will assign a CVE for

---

Summary of changes:
 policies/secpolicy.html | 45 ++---
 1 file changed, 34 insertions(+), 11 deletions(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 3a298d4..d54fcc6 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -12,7 +12,7 @@
  
Security Policy

- Last modified 16th May 2018
+ Last modified 12th May 2019


  
@@ -21,11 +21,11 @@
 

 If you wish to report a possible security issue in OpenSSL
-please notify us.  
+please notify us.

 
 Issue triage
-
+

 Notifications are received by a group of OpenSSL Management 
Committee
 members.  We engage resources within
@@ -38,12 +38,35 @@
 

 
+   Threat Model
+
+Certain threats are currently considered outside of the scope 
of the OpenSSL threat model.
+  Accordingly, we do not consider OpenSSL secure against the 
following classes of attacks:
+  
+same physical system side channel
+CPU/hardware flaws
+physical fault injection
+physical observation side channels (e.g. power 
consumption, EM emissions, etc)
+  
+
+ Mitigations for security issues outside of our threat scope may
+   still be addressed, however we do not class these as OpenSSL 
vulnerabilities
+   and will therefore not issue CVEs for any mitigations to 
address these issues.
+
+ We are working towards making the same physical system side
+   channel attacks very hard.
+
+ Prior to the threat model being included in this policy, CVEs
+   were sometimes issued for these classes of attacks. The
+   existence of a previous CVE does not override this policy going
+   forward.
+
Issue severity
 
We will determine the risk of each issue,
taking into account our experience dealing with past
issues, versions affected, common defaults, and use cases.
-   We use the following severity categories:
+We use the following severity categories:
 

   CRITICAL Severity.
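Review bot: the list states OpenSSL is "not secure against" same physical system side channels, while the paragraph a few lines later says the project is "working towards making the same physical system side channel attacks very hard"; say whether a report of such an attack can still expect a fix (just without a CVE) or is handled best-effort, since that is what a reporter will want to know. "CPU/hardware flaws" also overlaps with the first item for microarchitectural attacks mounted by a co-tenant; one sentence separating the two classes would remove the ambiguity. Minor: "outside of the scope of" reads better as "outside the scope of".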
@@ -51,8 +74,8 @@
   be exploitable. Examples include significant disclosure of the
   contents of server memory (potentially revealing user details),
   vulnerabilities which can be easily exploited remotely to
-  compromise server private keys (excluding local, theoretical or
-  difficult to exploit side channel attacks) or where remote code
+  compromise server private keys
+  or where remote code
   execution is considered likely in common situations.  These
   issues will be kept private and will trigger a new release of
   all supported versions.  We will attempt to address these as
@@ -67,7 +90,7 @@
   versions.  We will attempt to keep the time these issues are
   private to a minimum; our aim would be no longer than a month
   where this is something under our control
-  
+
  
  MODERATE Severity.
  This includes issues like crashes in client applications,
@@ -75,12 +98,12 @@
  and local flaws.  These will in general be kept private until
  the next release, and that release will be scheduled so that it
  can roll up several such flaws at one time.
-  
+
  
  LOW Severity.
  This includes issues such as those that only affect the
- openssl command line utility, unlikely configurations, or hard
- to exploit timing (side channel) attacks.  These will in general
+ openssl command line utility, or unlikely configurations.
+ These will in general
  be fixed immediately in latest development versions
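Review bot: dropping "hard to exploit timing (side channel) attacks" here (and the matching parenthetical in the CRITICAL definition above) leaves timing attacks in no severity bucket, yet the new threat model only excludes same-physical-system and physical-observation side channels; a remotely measurable timing leak over the network remains in scope and should be assigned a severity, presumably LOW or MODERATE depending on exploitability. The hunk also leaves the dangling line "These will in general" before "be fixed immediately"; rejoin it for readability of the source.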

[openssl] master update

2019-04-15 Thread Kurt Roeckx
The branch master has been updated
   via  3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 (commit)
  from  72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 (commit)


- Log -
commit 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5
Author: Kurt Roeckx 
Date:   Sat Apr 13 14:04:35 2019 +0200

Call RSA generation callback at the correct time.

The callback should be called with 1 when a Miller-Rabin round marked
the candidate as probably prime.

Reviewed-by: Bernd Edlinger 
GH: #8742

---

Summary of changes:
 crypto/bn/bn_prime.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 2c9f89d..03402c2 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -329,8 +329,6 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int 
iterations, BN_CTX *ctx,
 if (BN_is_one(z))
 goto composite;
 }
-if (!BN_GENCB_call(cb, 1, i))
-goto err;
 /* At this point z = b^((w-1)/2) mod w */
 /* (Steps 4.8 - 4.9) x = z, z = x^2 mod w */
 if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx))
@@ -358,6 +356,8 @@ composite:
 goto err;
 outer_loop: ;
 /* (Step 4.1.5) */
+if (!BN_GENCB_call(cb, 1, i))
+goto err;
 }
 /* (Step 5) */
 *status = BN_PRIMETEST_PROBABLY_PRIME;
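Review bot: the `/* (Step 4.1.5) */` comment marked the end of the outer loop body in the FIPS 186-4 step numbering; with the callback inserted directly under it, it now reads as if it labelled the `BN_GENCB_call`, so either move the call above the comment or give the call its own short comment ("round i passed, report progress"). The move itself is right: the call removed in the first hunk fired after the inner `j` loop but before the final squaring checks, i.e. before the round had actually accepted the candidate, while here every path that reaches `outer_loop` has passed the full round, and the index `i` passed to the callback is the same as before.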


[openssl] master update

2019-02-21 Thread Kurt Roeckx
The branch master has been updated
   via  32d40d0d8942ac7156066c55354dc174f7b8b3bc (commit)
   via  a9d2d52ed1b56a72e6dd0e24357dea0bb84c3550 (commit)
  from  695dd3a332fdd54b873fd0d08f9ae720141f24cd (commit)


- Log -
commit 32d40d0d8942ac7156066c55354dc174f7b8b3bc
Author: Kurt Roeckx 
Date:   Tue Feb 19 20:29:53 2019 +0100

Make sure that generated POD files are actually created before we run 
doc-nits

Reviewed-by: Richard Levitte 
GH: #8285

commit a9d2d52ed1b56a72e6dd0e24357dea0bb84c3550
Author: Kurt Roeckx 
Date:   Tue Feb 19 20:24:08 2019 +0100

Indent with 4

doc-nits says that over needs a parameter

Reviewed-by: Richard Levitte 
GH: #8285

---

Summary of changes:
 Configurations/unix-Makefile.tmpl   | 2 +-
 doc/man7/openssl_user_macros.pod.in | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 0b744bb..1e6709f 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -721,7 +721,7 @@ generate: generate_apps generate_crypto_bn 
generate_crypto_objects \
   generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
 
 .PHONY: doc-nits
-doc-nits:
+doc-nits: build_generated
(cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p ) >doc-nits
@if [ -s doc-nits ] ; then cat doc-nits ; exit 1; \
else echo 'doc-nits: no errors.'; rm doc-nits ; fi
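Review bot: `doc-nits: build_generated` pulls in every generated artefact rather than just the generated POD files, so if `build_generated` also covers non-doc outputs the doc-nits CI job now builds more than it needs; if a narrower target for the generated .pod files exists, prefer it as the prerequisite. The dependency is otherwise what the commit message asks for, since `find-doc-nits` reads the generated files from `$(SRCDIR)`.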
diff --git a/doc/man7/openssl_user_macros.pod.in 
b/doc/man7/openssl_user_macros.pod.in
index 30b8121..17c2d2e 100644
--- a/doc/man7/openssl_user_macros.pod.in
+++ b/doc/man7/openssl_user_macros.pod.in
@@ -19,7 +19,7 @@ user defined macros.
 
 =head2 The macros
 
-=over
+=over 4
 
 =item B
 
@@ -30,7 +30,7 @@ be declared.
 
 The version number assigned to this macro can take one of two forms:
 
-=over
+=over 4
 
 =item C<0xMNNFF000L>
 
@@ -43,7 +43,7 @@ Any version number may be given, but these numbers are
 the current known major deprecation points, making them the most
 meaningful:
 
-=over
+=over 4
 
 =item C<0x00908000L> (version 0.9.8)
 
@@ -63,7 +63,7 @@ This form is a simple number that represents the major 
version number
 and is supported for version 3.0.0 and up.  For extra convenience,
 these numbers are also available:
 
-=over
+=over 4
 
 =item Z<>0 (C<0x00908000L>, i.e. version 0.9.8)
 


[openssl] OpenSSL_1_1_1-stable update

2019-02-17 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  5cd8faed79694d8ad8f1db2d02dd7c06fa338dd9 (commit)
  from  a9b9d2654b974f7b2732b9a08e975b1a396efb31 (commit)


- Log -
commit 5cd8faed79694d8ad8f1db2d02dd7c06fa338dd9
Author: Vedran Miletić 
Date:   Fri Feb 1 15:03:09 2019 +0100

Add missing dots in dgst man page

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
GH: #8142
(cherry picked from commit e3ac3654892246d7492f1012897e42ad7efd13ce)

---

Summary of changes:
 doc/man1/dgst.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 47e163b..a2d9808 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -230,8 +230,8 @@ prior to verification.
 
 =head1 HISTORY
 
-The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 


[openssl] master update

2019-02-17 Thread Kurt Roeckx
The branch master has been updated
   via  e3ac3654892246d7492f1012897e42ad7efd13ce (commit)
  from  70680262329004c934497040bfc6940072043f48 (commit)


- Log -
commit e3ac3654892246d7492f1012897e42ad7efd13ce
Author: Vedran Miletić 
Date:   Fri Feb 1 15:03:09 2019 +0100

Add missing dots in dgst man page

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
GH: #8142

---

Summary of changes:
 doc/man1/dgst.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 993c92b..c745cfa 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -230,8 +230,8 @@ prior to verification.
 
 =head1 HISTORY
 
-The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 


[openssl] master update

2019-02-17 Thread Kurt Roeckx
The branch master has been updated
   via  70680262329004c934497040bfc6940072043f48 (commit)
  from  e09633107b7e987b2179850715ba60d8fb069278 (commit)


- Log -
commit 70680262329004c934497040bfc6940072043f48
Author: Jan Macku 
Date:   Wed Jan 30 16:09:50 2019 +0100

Fixed typo

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
GH: #8121

---

Summary of changes:
 doc/man3/RIPEMD160_Init.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod
index aec6441..27ff377 100644
--- a/doc/man3/RIPEMD160_Init.pod
+++ b/doc/man3/RIPEMD160_Init.pod
@@ -13,7 +13,7 @@ RIPEMD-160 hash function
   unsigned char *md);
 
  int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len);
+ int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
  int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 
 =head1 DESCRIPTION


[openssl] OpenSSL_1_1_1-stable update

2019-02-17 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  a9b9d2654b974f7b2732b9a08e975b1a396efb31 (commit)
  from  2e826078410bdb117710890b0e99bbdbbbf7e95d (commit)


- Log -
commit a9b9d2654b974f7b2732b9a08e975b1a396efb31
Author: Jan Macku 
Date:   Wed Jan 30 16:09:50 2019 +0100

Fixed typo

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
GH: #8121
(cherry picked from commit 70680262329004c934497040bfc6940072043f48)

---

Summary of changes:
 doc/man3/RIPEMD160_Init.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod
index 77ac4fb..1364aa0 100644
--- a/doc/man3/RIPEMD160_Init.pod
+++ b/doc/man3/RIPEMD160_Init.pod
@@ -13,7 +13,7 @@ RIPEMD-160 hash function
   unsigned char *md);
 
  int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len);
+ int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
  int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 
 =head1 DESCRIPTION


[openssl] OpenSSL_1_1_1-stable update

2019-02-17 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  2e826078410bdb117710890b0e99bbdbbbf7e95d (commit)
   via  2086edb799acf6ad5ef0bb53aa3b17abf4f7f992 (commit)
  from  ed48d2032d29a82c6aebbddf0fbf530ac2d2521d (commit)


- Log -
commit 2e826078410bdb117710890b0e99bbdbbbf7e95d
Author: David Benjamin 
Date:   Tue Jan 29 17:41:39 2019 -0600

Check for unpaired .cfi_remember_state

Reviewed-by: Richard Levitte 
GH: #8109
(cherry picked from commit e09633107b7e987b2179850715ba60d8fb069278)

commit 2086edb799acf6ad5ef0bb53aa3b17abf4f7f992
Author: David Benjamin 
Date:   Tue Jan 29 05:12:15 2019 +

Fix some CFI issues in x86_64 assembly

The add/double shortcut in ecp_nistz256-x86_64.pl left one instruction
point that did not unwind, and the "slow" path in AES_cbc_encrypt was
not annotated correctly. For the latter, add
.cfi_{remember,restore}_state support to perlasm.

Next, fill in a bunch of functions that are missing no-op .cfi_startproc
and .cfi_endproc blocks. libunwind cannot unwind those stack frames
otherwise.

Finally, work around a bug in libunwind by not encoding rflags. (rflags
isn't a callee-saved register, so there's not much need to annotate it
anyway.)

These were found as part of ABI testing work in BoringSSL.

Reviewed-by: Richard Levitte 
GH: #8109
(cherry picked from commit c0e8e5007ba5234d4d448e82a1567e0c4467e629)

---

Summary of changes:
 crypto/aes/asm/aes-x86_64.pl | 18 --
 crypto/aes/asm/aesni-x86_64.pl   | 16 
 crypto/aes/asm/bsaes-x86_64.pl   |  6 ++
 crypto/aes/asm/vpaes-x86_64.pl   | 26 ++
 crypto/bn/asm/rsaz-avx2.pl   |  6 ++
 crypto/bn/asm/x86_64-mont5.pl|  2 ++
 crypto/ec/asm/ecp_nistz256-x86_64.pl | 34 ++
 crypto/modes/asm/ghash-x86_64.pl | 12 
 crypto/perlasm/x86_64-xlate.pl   | 17 -
 9 files changed, 134 insertions(+), 3 deletions(-)

diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index 4d1dc9c..55c6414 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -554,6 +554,7 @@ $code.=<<___;
 .type  _x86_64_AES_encrypt_compact,\@abi-omnipotent
 .align 16
 _x86_64_AES_encrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1   # prefetch Te4
mov 32-128($inp),$acc2
@@ -587,6 +588,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
 
@@ -1161,6 +1163,7 @@ $code.=<<___;
 .type  _x86_64_AES_decrypt_compact,\@abi-omnipotent
 .align 16
 _x86_64_AES_decrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1   # prefetch Td4
mov 32-128($inp),$acc2
@@ -1203,6 +1206,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
 
@@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
 .type  _x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align 16
 _x86_64_AES_set_encrypt_key:
+.cfi_startproc
mov %esi,%ecx   # %ecx=bits
mov %rdi,%rsi   # %rsi=userKey
mov %rdx,%rdi   # %rdi=key
@@ -1546,6 +1551,7 @@ $code.=<<___;
mov \$-1,%rax
 .Lexit:
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
@@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
cmp \$0,%rdx# check length
je  .Lcbc_epilogue
pushfq
-.cfi_push  49  # %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset 8
push%rbx
 .cfi_push  %rbx
push%rbp
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
cmp \$0,%r9
cmoveq  %r10,$sbox
 
+.cfi_remember_state
mov OPENSSL_ia32cap_P(%rip),%r10d
cmp \$$speed_limit,%rdx
jb  .Lcbc_slow_prologue
@@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
 #--- SLOW ROUTINE ---#
 .align 16
 .Lcbc_slow_prologue:
+.cfi_restore_state
# allocate aligned stack frame...
lea -88(%rsp),%rbp
and \$-64,%rbp
@@ -1997,8 +2007,10 @@ AES_cbc_encrypt:
sub 

[openssl] master update

2019-02-17 Thread Kurt Roeckx
The branch master has been updated
   via  e09633107b7e987b2179850715ba60d8fb069278 (commit)
   via  c0e8e5007ba5234d4d448e82a1567e0c4467e629 (commit)
  from  8f58ede09572dcc6a7e6c01280dd348240199568 (commit)


- Log -
commit e09633107b7e987b2179850715ba60d8fb069278
Author: David Benjamin 
Date:   Tue Jan 29 17:41:39 2019 -0600

Check for unpaired .cfi_remember_state

Reviewed-by: Richard Levitte 
GH: #8109

commit c0e8e5007ba5234d4d448e82a1567e0c4467e629
Author: David Benjamin 
Date:   Tue Jan 29 05:12:15 2019 +

Fix some CFI issues in x86_64 assembly

The add/double shortcut in ecp_nistz256-x86_64.pl left one instruction
point that did not unwind, and the "slow" path in AES_cbc_encrypt was
not annotated correctly. For the latter, add
.cfi_{remember,restore}_state support to perlasm.

Next, fill in a bunch of functions that are missing no-op .cfi_startproc
and .cfi_endproc blocks. libunwind cannot unwind those stack frames
otherwise.

Finally, work around a bug in libunwind by not encoding rflags. (rflags
isn't a callee-saved register, so there's not much need to annotate it
anyway.)

These were found as part of ABI testing work in BoringSSL.

Reviewed-by: Richard Levitte 
GH: #8109

---

Summary of changes:
 crypto/aes/asm/aes-x86_64.pl | 18 --
 crypto/aes/asm/aesni-x86_64.pl   | 16 
 crypto/aes/asm/bsaes-x86_64.pl   |  6 ++
 crypto/aes/asm/vpaes-x86_64.pl   | 26 ++
 crypto/bn/asm/rsaz-avx2.pl   |  6 ++
 crypto/bn/asm/x86_64-mont5.pl|  2 ++
 crypto/ec/asm/ecp_nistz256-x86_64.pl | 34 ++
 crypto/modes/asm/ghash-x86_64.pl | 12 
 crypto/perlasm/x86_64-xlate.pl   | 17 -
 9 files changed, 134 insertions(+), 3 deletions(-)

diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index d84c697..6e1dcef 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -554,6 +554,7 @@ $code.=<<___;
 .type  _x86_64_AES_encrypt_compact,\@abi-omnipotent
 .align 16
 _x86_64_AES_encrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1   # prefetch Te4
mov 32-128($inp),$acc2
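Review bot: `_x86_64_AES_encrypt_compact` is an internal leaf helper marked `\@abi-omnipotent` and never adjusts the stack, so an empty `.cfi_startproc`/`.cfi_endproc` pair is the correct annotation: it records that the return address sits at the CFA, which is all libunwind needs to step through it. Please make sure every helper in this file that is entered by `call` gets the same pair, since a single unannotated frame stops the unwind for every caller above it, not only for the helper itself.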
@@ -587,6 +588,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
 
@@ -1161,6 +1163,7 @@ $code.=<<___;
 .type  _x86_64_AES_decrypt_compact,\@abi-omnipotent
 .align 16
 _x86_64_AES_decrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1   # prefetch Td4
mov 32-128($inp),$acc2
@@ -1203,6 +1206,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
 
@@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
 .type  _x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align 16
 _x86_64_AES_set_encrypt_key:
+.cfi_startproc
mov %esi,%ecx   # %ecx=bits
mov %rdi,%rsi   # %rsi=userKey
mov %rdx,%rdi   # %rdi=key
@@ -1546,6 +1551,7 @@ $code.=<<___;
mov \$-1,%rax
 .Lexit:
.byte   0xf3,0xc3   # rep ret
+.cfi_endproc
 .size  _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
@@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
cmp \$0,%rdx# check length
je  .Lcbc_epilogue
pushfq
-.cfi_push  49  # %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset 8
push%rbx
 .cfi_push  %rbx
push%rbp
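Review bot: replacing `.cfi_push 49` with `.cfi_adjust_cfa_offset 8` keeps the CFA correct but no longer records where rflags was saved, which is acceptable because rflags is not callee-saved (as the comment says). The change must be mirrored at the matching `popfq` in the epilogue, which is outside this excerpt: if that site still carries `.cfi_pop 49`, libunwind hits the same unknown-register failure there, and the CFA offset would also be off by 8 after the pop unless it becomes `.cfi_adjust_cfa_offset -8`.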
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
cmp \$0,%r9
cmoveq  %r10,$sbox
 
+.cfi_remember_state
mov OPENSSL_ia32cap_P(%rip),%r10d
cmp \$$speed_limit,%rdx
jb  .Lcbc_slow_prologue
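Review bot: `.cfi_remember_state` is emitted unconditionally before the `jb .Lcbc_slow_prologue`, and the only consumer is the `.cfi_restore_state` at `.Lcbc_slow_prologue` in the next hunk, so the pairing is one-to-one (the sibling commit "Check for unpaired .cfi_remember_state" would flag it otherwise). The two sites are more than 200 lines apart per the hunk offsets (1759 vs 1995), so a comment on this line naming the label that restores the state would help the next reader.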
@@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
 #--- SLOW ROUTINE ---#
 .align 16
 .Lcbc_slow_prologue:
+.cfi_restore_state
# allocate aligned stack frame...
lea -88(%rsp),%rbp
and \$-64,%rbp
@@ -1997,8 +2007,10 @@ AES_cbc_encrypt:
sub %r10,%rbp
 
xchg%rsp,%rbp
+.cfi_def_cfa_register  %rbp
#add\$8,%rsp# reserve for return address!
mov %rbp,$_rsp  # 
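Review bot: after `xchg %rsp,%rbp` the previous stack pointer lives in %rbp and %rsp points at the newly aligned frame, so `.cfi_def_cfa_register %rbp` correctly keeps the CFA expression valid without changing the offset; the slow-path exit where the original stack pointer is reloaded from `$_rsp` (past the cut-off of this excerpt) needs the corresponding `.cfi_def_cfa` back onto %rsp, otherwise the unwinder would compute the CFA from a register that no longer holds the frame base.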

[openssl-commits] [openssl] master update

2018-12-15 Thread Kurt Roeckx
The branch master has been updated
   via  6e94b5aecd619afd25e3dc25902952b1b3194edf (commit)
  from  04cd70c6899c6b36517b2b07d7a12b2cceba1bef (commit)


- Log -
commit 6e94b5aecd619afd25e3dc25902952b1b3194edf
Author: Kurt Roeckx 
Date:   Fri Nov 2 15:51:19 2018 +0100

Convert tls1_prf_P_hash to use the EVP_MAC interface

Reviewed-by: Richard Levitte 
GH: #7554

---

Summary of changes:
 crypto/kdf/tls1_prf.c | 46 +++---
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index c3be7dd..24ad59b 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -178,8 +178,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
unsigned char *out, size_t olen)
 {
 int chunk;
-EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
-EVP_PKEY *mac_key = NULL;
+EVP_MAC_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
 unsigned char A1[EVP_MAX_MD_SIZE];
 size_t A1_len;
 int ret = 0;
@@ -188,47 +187,49 @@ static int tls1_prf_P_hash(const EVP_MD *md,
 if (!ossl_assert(chunk > 0))
 goto err;
 
-ctx = EVP_MD_CTX_new();
-ctx_tmp = EVP_MD_CTX_new();
-ctx_init = EVP_MD_CTX_new();
+ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
+ctx_tmp = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
+ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
 if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
 goto err;
-EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-if (mac_key == NULL)
+if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, 
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1)
 goto err;
-if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, md) != 1)
 goto err;
-if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_KEY, sec, sec_len) != 1)
 goto err;
-if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+if (!EVP_MAC_init(ctx_init))
 goto err;
-if (!EVP_DigestSignFinal(ctx, A1, _len))
+if (!EVP_MAC_CTX_copy(ctx, ctx_init))
+goto err;
+if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len))
+goto err;
+if (!EVP_MAC_final(ctx, A1, _len))
 goto err;
 
 for (;;) {
 /* Reinit mac contexts */
-if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+if (!EVP_MAC_CTX_copy(ctx, ctx_init))
 goto err;
-if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+if (!EVP_MAC_update(ctx, A1, A1_len))
 goto err;
-if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+if (olen > (size_t)chunk && !EVP_MAC_CTX_copy(ctx_tmp, ctx))
 goto err;
-if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len))
 goto err;
 
 if (olen > (size_t)chunk) {
 size_t mac_len;
-if (!EVP_DigestSignFinal(ctx, out, _len))
+if (!EVP_MAC_final(ctx, out, _len))
 goto err;
 out += mac_len;
 olen -= mac_len;
 /* calc the next A1 value */
-if (!EVP_DigestSignFinal(ctx_tmp, A1, _len))
+if (!EVP_MAC_final(ctx_tmp, A1, _len))
 goto err;
 } else {/* last one */
 
-if (!EVP_DigestSignFinal(ctx, A1, _len))
+if (!EVP_MAC_final(ctx, A1, _len))
 goto err;
 memcpy(out, A1, olen);
 break;
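Review bot: `EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` passes an EVP_MD_CTX flag value through a MAC-level control; this only works because the HMAC EVP_MAC implementation forwards SET_FLAGS to the underlying digest context, so a one-line comment here would stop the next reader from treating it as a mismatch. The `!= 1` checks on the ctrl calls are the right shape, as they also reject a negative "control not supported" return that a bare `!` would let through. One behavioural difference worth a line in the commit message: the secret `sec` is now held in three MAC contexts (`ctx_init`, `ctx`, `ctx_tmp`) instead of a single EVP_PKEY, so zeroisation of the key on free now depends on the MAC implementation's free routine rather than on EVP_PKEY_free.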
@@ -236,10 +237,9 @@ static int tls1_prf_P_hash(const EVP_MD *md,
 }
 ret = 1;
  err:
-EVP_PKEY_free(mac_key);
-EVP_MD_CTX_free(ctx);
-EVP_MD_CTX_free(ctx_tmp);
-EVP_MD_CTX_free(ctx_init);
+EVP_MAC_CTX_free(ctx);
+EVP_MAC_CTX_free(ctx_tmp);
+EVP_MAC_CTX_free(ctx_init);
 OPENSSL_cleanse(A1, sizeof(A1));
 return ret;
 }
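Review bot: at `err:` any of the three contexts can still be NULL, because the three `EVP_MAC_CTX_new_id` results are checked together and the `goto err` after a partial allocation runs all three frees; this relies on `EVP_MAC_CTX_free(NULL)` being a no-op in the same way `EVP_MD_CTX_free(NULL)` was. If the new API does not guarantee that, guard the frees. Keeping `OPENSSL_cleanse(A1, sizeof(A1))` is correct, since `A1` holds intermediate PRF state derived from the secret.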
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-12-15 Thread Kurt Roeckx
The branch master has been updated
   via  04cd70c6899c6b36517b2b07d7a12b2cceba1bef (commit)
   via  5c587fb6b996d47771bcaecd71489e4849103f56 (commit)
  from  91c5473035aaf2c0d86e4039c2a29a5b70541905 (commit)


- Log -
commit 04cd70c6899c6b36517b2b07d7a12b2cceba1bef
Author: Kurt Roeckx 
Date:   Tue Sep 18 22:17:14 2018 +0200

Deprecate TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION

Fixes: #7183

Reviewed-by: Matt Caswell 
GH: #7260

commit 5c587fb6b996d47771bcaecd71489e4849103f56
Author: Kurt Roeckx 
Date:   Sun Dec 9 20:53:05 2018 +0100

Use (D)TLS_MAX_VERSION_INTERNAL internally

Use 0 if we don't want to set a minimum or maximum version

Reviewed-by: Matt Caswell 
GH: #7260

---

Summary of changes:
 include/openssl/dtls1.h  |  8 +--
 include/openssl/tls1.h   |  4 +++-
 ssl/d1_lib.c |  2 +-
 ssl/ssl_locl.h   |  3 +++
 ssl/statem/statem_clnt.c |  2 +-
 ssl/statem/statem_lib.c  | 10 -
 ssl/t1_lib.c |  2 +-
 test/asynciotest.c   |  2 +-
 test/clienthellotest.c   |  2 +-
 test/dtlstest.c  |  8 +++
 test/fatalerrtest.c  |  2 +-
 test/gosttest.c  |  2 +-
 test/recordlentest.c |  2 +-
 test/servername_test.c   |  2 +-
 test/ssl_test.c  | 27 
 test/sslapitest.c| 55 +++-
 test/sslbuffertest.c |  2 +-
 test/sslcorrupttest.c|  2 +-
 test/ssltest_old.c   |  8 +++
 test/tls13ccstest.c  |  2 +-
 20 files changed, 72 insertions(+), 75 deletions(-)

diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 21b5252..f717afb 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -14,10 +14,14 @@
 extern "C" {
 #endif
 
+#include 
+
 # define DTLS1_VERSION   0xFEFF
 # define DTLS1_2_VERSION 0xFEFD
-# define DTLS_MIN_VERSIONDTLS1_VERSION
-# define DTLS_MAX_VERSIONDTLS1_2_VERSION
+# if !OPENSSL_API_3
+#  define DTLS_MIN_VERSIONDTLS1_VERSION
+#  define DTLS_MAX_VERSIONDTLS1_2_VERSION
+# endif
 # define DTLS1_VERSION_MAJOR 0xFE
 
 # define DTLS1_BAD_VER   0x0100
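Review bot: the new `#include` (its target is stripped in this archive copy) is placed after `extern "C" {`; that is harmless for a macro-only header but unconventional, so move it above the `extern "C"` block with the other includes. Also, `# if !OPENSSL_API_3` removes `DTLS_MIN_VERSION`/`DTLS_MAX_VERSION` outright rather than marking them deprecated, which is the only option for macros but means applications built with the 3.0 API level get an undeclared-identifier error; the summary of changes lists no CHANGES entry for a public-API removal like this, and one should be added.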
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index c57344c..166f15a 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -28,7 +28,9 @@ extern "C" {
 # define TLS1_1_VERSION  0x0302
 # define TLS1_2_VERSION  0x0303
 # define TLS1_3_VERSION  0x0304
-# define TLS_MAX_VERSION TLS1_3_VERSION
+# if !OPENSSL_API_3
+#  define TLS_MAX_VERSIONTLS1_3_VERSION
+# endif
 
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION 0x1
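Review bot: this hunk tests `OPENSSL_API_3` without adding an include, unlike the dtls1.h hunk above, which needed one. If tls1.h does not already pull in the header that defines `OPENSSL_API_3`, the undefined macro evaluates to 0, `!OPENSSL_API_3` is true, and `TLS_MAX_VERSION` silently stays defined for every API level, so the deprecation never takes effect; please verify the include chain or add the same include here.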
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2da9ebb..d3f681b 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -192,7 +192,7 @@ int dtls1_clear(SSL *s)
 return 0;
 
 if (s->method->version == DTLS_ANY_VERSION)
-s->version = DTLS_MAX_VERSION;
+s->version = DTLS_MAX_VERSION_INTERNAL;
 #ifndef OPENSSL_NO_DTLS1_METHOD
 else if (s->options & SSL_OP_CISCO_ANYCONNECT)
 s->client_version = s->version = DTLS1_BAD_VER;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c2e6474..2d68691 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -131,6 +131,9 @@
(c)[1]=(unsigned char)(((l)>> 8)&0xff), \
(c)[2]=(unsigned char)(((l))&0xff)),(c)+=3)
 
+# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
+# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION
+
 /*
  * DTLS version numbers are strange because they're inverted. Except for
  * DTLS1_BAD_VER, which should be considered "lower" than the rest.
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c1a572f..3b6cbb7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -163,7 +163,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int 
mt)
 return 1;
 }
 if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
-#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 # error TODO(DTLS1.3): Restore digest for PHA before adding message.
 #endif
 if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) 
{
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e68e05..1a9aa41 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1417,7 +1417,7 @@ typedef struct {
 const SSL_METHOD *(*smeth) (void);
 } version_info;
 
-#if TLS_MAX_VERSION != TLS1_3_VERSION
+#if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION
 # error Code n

[openssl-commits] [web] master update

2018-12-05 Thread Kurt Roeckx
The branch master has been updated
   via  0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit)
  from  be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit)


- Log -
commit 0d92547742c3da2f066f4babaacf8a51bb2f5e3c
Author: Kurt Roeckx 
Date:   Wed Dec 5 22:22:04 2018 +0100

Update PGP key

---

Summary of changes:
 news/openssl-security.asc | 80 +++
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index fb0482f..9dddc89 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -11,33 +11,33 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
-tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+
-AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78CkZ9YTy4PH7W0w2JTizos9
-efUFAlvEwBgFCQmW/3kACgkQ2JTizos9efV3tBAAg/XTimvGMtCvMawu+ymbXshC
-W+PTt3tH2oI7parnm8F0DY3c70rwKN1uu28Cds0QOpAUR8wsYe9HbXXfT7w+4JG6
-qJm3mfAin9QA49D99SN3TgSTOK7qU1p88nCpEs0dib4aF5gO2zaqRiIEbTkiQSjQ
-lTzLS0kfznNmfynJI25XWNddLM2munn9ZS7XPQqzZ0G/RkDbuIayG0axRRcr8iG/
-uOkfFz3Iwk58MnzKVqPf+n7ZPTG6Z7EEcLF92Lo58x+s9tJ5afr0bTRG1wn5L8+I
-++OEIn32CwPQ0B6FeI42jeXGdd4rGjgzZyBbqvUD2zei85Sa306ZUOLoD5iuSAXt
-VkyK2rRRqfGy8m+R0TV1TQ25SkQadUf1fz1gS+QtyA4MhuM4f9PYR6kNUzjHkGAw
-w6KTG+bHiiQdAOKCEDYZgz9bY9wSD53fQTh8r5DhQ9edgFQAZsJ5R5jouZu+5beG
-8VP1OuvgKA478y/VWX6xnKLCqAfiF+p4ae0WDTm2cQiZyskTLQ2NaC0xEmAg9DgT
-d0v9NteVVMKeVppaGsE21vaX7s228Pj2sf8EAwl5iqtcJZMVVMHdmMerojd0HnmW
-PplbBVowaTTxLcMz/Xqlrxl7ylh6NqA3hFK1BwhFkAH6IEvXYmuAZNEtzFl+t4m5
-lsGHrlH+lstQuSl25v+0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z
-ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
-AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCW8TAJwUJCZb/eQAKCRDY
-lOLOiz159bbcEACpio13Jc6porVHoi5izZ9w9xCYiv6whrhgjdBCPm+JP6bPb0aN
-T0EkhQ4oBsOh3iCtVrBXjeagXK1NR1Sze/PH/kxARg9Nx6rafv9jRF2irO0E8+fY
-U2nV2z8Sjuej2uAIfMEJW0GnOJsR/pnn+a6P2Na8qwuwoEoWW2rTwqgCNOPwTWAW
-qgB5sYrt5M8RhmSZXW0v6NmCAQVrnGbEsqgCuBLo0WqyPszW6BEQqUsvj4aAAucS
-IZr2vaN4TnXhg0VdlI1f1E32ms2lSkNXECdSYWeT1eWVn2nPKibpePrJXuHHEP1G
-qM9z70+otqNn7qbIIr2aCu9aoAkcqbNCM6WN6FgZb0BH/XLByZM6ksLjO5OD1BHS
-PkK7HDTLDaTQFYbzH1ItpuWWvVh+l95a5Amm3Ic4JZyTbw0I7S4n0lo+JG4l89Wr
-WsYwAJsj1Chn0TitF/VTMG7JOtFHKBKzNvXOY7H85zU8AxvC5lis5vLepSc41NXw
-JoR7l+Cwi1hFIJIRO6RSVp3BwI+mASRZAn9ZaCqNyfDHhFQntpn607pRl2eHvO57
-KN1r1fJOZBx8P9p4S0sqBs9QXF4wNlBM2v/Te4MGq+wzQQFtofJuBSEpN0jHpVup
-HGZRWkCSydM4ToCRrwEhclv3GvUmi1WAzy25SBbaR408/BgEAT2Xr6TUXLQnT3Bl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 blNTTCB0ZWFtIDxvcGVuc3NsLXRlYW1Ab3BlbnNzbC5vcmc+iQJZBDABCgBDFiEE
 78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ9jUlHSBSZXBsYWNlZCBieSBvcGVuc3Ns
 LW9tY0BvcGVuc3NsLm9yZwAKCRDYlOLOiz159VAiD/wLVz8KE84z+iPBcDXJR4hr
@@ -63,17 +63,17 @@ 
ncd+VYvth6cM9jDWsTJAXEaqNoFjVfw227NnQ/hxqGCwEVzweBi7a7dix3nCa9JO
 w5eV3xCyezUohQ6nOBbDnoAnp3FLeUrhBJQXCPNtlb0fSMnj14EwBoD6EKO/xz/g
 EW5mr0a+xp+fjbkvHVX/c8UmU
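Review bot: the commit message "Update PGP key" does not say what changed inside the armored block or give the key's fingerprint, so a reader of this diff cannot tell whether this is a refreshed self-signature, an extended expiry or a new subkey, nor check it against the copy of the key they already hold. Since news/openssl-security.asc is the published security-team key, suggest stating the fingerprint and the reason for the update in the message.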

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-11-10 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  e37b7014f3f52124b787ca1b5b51b0111462a0ac (commit)
  from  98f62979b2e6233470619c9adfa44704a7036699 (commit)


- Log -
commit e37b7014f3f52124b787ca1b5b51b0111462a0ac
Author: Tomas Mraz 
Date:   Fri Oct 12 17:24:14 2018 +0200

Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
GH: #7391
(cherry picked from commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f)

---

Summary of changes:
 ssl/ssl_cert.c |   4 +-
 test/recipes/80-test_ssl_new.t |   2 +-
 test/ssl-tests/28-seclevel.conf| 102 +
 test/ssl-tests/28-seclevel.conf.in |  48 +
 4 files changed, 153 insertions(+), 3 deletions(-)
 create mode 100644 test/ssl-tests/28-seclevel.conf
 create mode 100644 test/ssl-tests/28-seclevel.conf.in

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 52a4a7e..7d7357f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, 
const SSL_CTX *ctx,
 if (level >= 2 && c->algorithm_enc == SSL_RC4)
 return 0;
 /* Level 3: forward secure ciphersuites only */
-if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
-   !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH
+if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+   !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
 return 0;
 break;
 }
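Review bot: the rewritten condition lets any ciphersuite with c->min_tls == TLS1_3_VERSION through level 3 without consulting c->algorithm_mkey, but the comment above it still only says '/* Level 3: forward secure ciphersuites only */'. Suggest extending that comment to record why a TLS 1.3 suite is exempt from the (SSL_kEDH | SSL_kEECDH) test, so the next reader does not "fix" the expression back into the form this commit removes.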
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index e15d87e..da8302d 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 27;  # = scalar @conf_srcs
+plan tests => 28;  # = scalar @conf_srcs
 
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf
new file mode 100644
index 000..ddc2448
--- /dev/null
+++ b/test/ssl-tests/28-seclevel.conf
@@ -0,0 +1,102 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-SECLEVEL 3 with default key
+test-1 = 1-SECLEVEL 3 with ED448 key
+test-2 = 2-SECLEVEL 3 with ED448 key, TLSv1.2
+test-3 = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE
+# ===
+
+[0-SECLEVEL 3 with default key]
+ssl_conf = 0-SECLEVEL 3 with default key-ssl
+
+[0-SECLEVEL 3 with default key-ssl]
+server = 0-SECLEVEL 3 with default key-server
+client = 0-SECLEVEL 3 with default key-client
+
+[0-SECLEVEL 3 with default key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SECLEVEL 3 with default key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = ServerFail
+
+
+# ===
+
+[1-SECLEVEL 3 with ED448 key]
+ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl
+
+[1-SECLEVEL 3 with ED448 key-ssl]
+server = 1-SECLEVEL 3 with ED448 key-server
+client = 1-SECLEVEL 3 with ED448 key-client
+
+[1-SECLEVEL 3 with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[1-SECLEVEL 3 with ED448 key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2]
+ssl_conf = 2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
+server = 2-SECLEVEL 3 with ED448 key, TLSv1.2-server
+client = 2-SECLEVEL 3 with ED448 key, TLSv1.2-client
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===
+
+[3-SECLEVEL 3 with P-384 key, X25519 ECDHE]
+ssl_conf = 3-SECLEVEL 
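Review bot: in every case in this file only the server sets CipherString = DEFAULT:@SECLEVEL=3 while the client stays at CipherString = DEFAULT, so the level-3 filter is only ever evaluated on the server side here. Suggest adding a case with @SECLEVEL=3 on the client as well, so that the other direction of the regression fixed in ssl_security_default_callback() is covered too.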

[openssl-commits] [openssl] master update

2018-11-10 Thread Kurt Roeckx
The branch master has been updated
   via  75b68c9e4e8591a4ebe083cb207aeb121baf549f (commit)
  from  65042182fcafbd4c0dd8fdabaefdf1fd38dc6287 (commit)


- Log -
commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f
Author: Tomas Mraz 
Date:   Fri Oct 12 17:24:14 2018 +0200

Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
GH: #7391

---

Summary of changes:
 ssl/ssl_cert.c |   4 +-
 test/recipes/80-test_ssl_new.t |   2 +-
 test/ssl-tests/28-seclevel.conf| 102 +
 test/ssl-tests/28-seclevel.conf.in |  48 +
 4 files changed, 153 insertions(+), 3 deletions(-)
 create mode 100644 test/ssl-tests/28-seclevel.conf
 create mode 100644 test/ssl-tests/28-seclevel.conf.in

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 52a4a7e..7d7357f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, 
const SSL_CTX *ctx,
 if (level >= 2 && c->algorithm_enc == SSL_RC4)
 return 0;
 /* Level 3: forward secure ciphersuites only */
-if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
-   !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH
+if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+   !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
 return 0;
 break;
 }
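Review bot: the new expression asks the reader to hold 'level >= 3', 'c->min_tls != TLS1_3_VERSION' and the negated mkey test together as one conjunction, and the bug it fixes was an || where && was meant inside this same expression. Suggest grouping the two cipher-specific terms so the intent "pre-1.3 suite without (EC)DHE" reads off the page, e.g.
    if (level >= 3 && (c->min_tls != TLS1_3_VERSION
                       && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))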
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index e15d87e..da8302d 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 27;  # = scalar @conf_srcs
+plan tests => 28;  # = scalar @conf_srcs
 
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf
new file mode 100644
index 000..ddc2448
--- /dev/null
+++ b/test/ssl-tests/28-seclevel.conf
@@ -0,0 +1,102 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-SECLEVEL 3 with default key
+test-1 = 1-SECLEVEL 3 with ED448 key
+test-2 = 2-SECLEVEL 3 with ED448 key, TLSv1.2
+test-3 = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE
+# ===
+
+[0-SECLEVEL 3 with default key]
+ssl_conf = 0-SECLEVEL 3 with default key-ssl
+
+[0-SECLEVEL 3 with default key-ssl]
+server = 0-SECLEVEL 3 with default key-server
+client = 0-SECLEVEL 3 with default key-client
+
+[0-SECLEVEL 3 with default key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SECLEVEL 3 with default key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = ServerFail
+
+
+# ===
+
+[1-SECLEVEL 3 with ED448 key]
+ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl
+
+[1-SECLEVEL 3 with ED448 key-ssl]
+server = 1-SECLEVEL 3 with ED448 key-server
+client = 1-SECLEVEL 3 with ED448 key-client
+
+[1-SECLEVEL 3 with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[1-SECLEVEL 3 with ED448 key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2]
+ssl_conf = 2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
+server = 2-SECLEVEL 3 with ED448 key, TLSv1.2-server
+client = 2-SECLEVEL 3 with ED448 key, TLSv1.2-client
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[2-SECLEVEL 3 with ED448 key, TLSv1.2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===
+
+[3-SECLEVEL 3 with P-384 key, X25519 ECDHE]
+ssl_conf = 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
+
+[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
+
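Review bot: [test-0] expects ServerFail for '0-SECLEVEL 3 with default key', but nothing in the file records why the default servercert.pem is refused at level 3 while the ED448 and P-384 cases succeed. A one-line comment in 28-seclevel.conf.in (the source this generated file comes from) naming the property of the default key that level 3 rejects would keep the expectation from looking accidental.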

[openssl-commits] [web] master update

2018-10-15 Thread Kurt Roeckx
The branch master has been updated
   via  3b07e5291b0df2cef8469ab0494d1c787e84af87 (commit)
  from  72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit)


- Log -
commit 3b07e5291b0df2cef8469ab0494d1c787e84af87
Author: Kurt Roeckx 
Date:   Mon Oct 15 18:32:18 2018 +0200

Update PGP key

---

Summary of changes:
 news/openssl-security.asc | 128 +++---
 1 file changed, 64 insertions(+), 64 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 217cbe7..fb0482f 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -12,68 +12,68 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
 tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+
-FiEE78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ8x0CGwMFCQefA0oFCwkIBwMFFQoJ
-CAsFFgIDAQACHgECF4AACgkQ2JTizos9efVNnw/9GHSauODL8PCSRcobbVm8/3tl
-ejky6YVmjBjpbKKLVCAyK6sM7ns1RDSoHSQfKdClZbD+n2ZLZFVbvdDbu873ntsE
-WdMZUk5dTW0a8mtaUFV5nkZiWbNn5Yr+gtUiqOtIDR6wbXOd4RtpaKawllqN0JX/
-oZdVUcV60tekt92rUe3J/KbFptACvZNkvm1c2zEWdNemEWIqYOierjaeNhqdgAbA
-kKA7EAYP53bursxTDfhQQZWzPOFXcl4ElHKHvVED2ZyGamRnuwD5F2YyjOCNlvt2
-si1mzTsvyjuNJv0OeK0rdPqX00OXWCuOb96rlGiSeaK3WFSTHeDiaFiCahwf9VJT
-I9kGA/FF6is8UW2SJEGzYHGnY/lsUL697XTuLEgWU2qHlYXExLY1cuz+pTLB0vsB
-suCGTe18BgjKF2und7z7+kDPB4uECXCwgPKjxLNM/JFhJswt3KTzDbcXz0/lg0+5
-3r1NsBV3JW0DxoRsmqWAn6anyCRDxN8GHzEymRkc88wacEt38JeyPuLiz6ejbpFR
-EYNHDrVVB9gDkkxafL7csKH/J69v1GAujzyXPcTsT08YyKgf7kOc5e26jyNq9KYs
-YJhE7yr/qcqcbcQTgntaFCas+1nBm/SM26xKLF4MkS8KEeGRUuCwQhDXPNORAsNj
-EIOh6s4v5T9Py3lpJNu0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z
-ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlMEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
-AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCWdny6QUJB58DSgAKCRDY
-lOLOiz159XxmD/dSmuPL95utayr83urce6FibwqWZeA7LldBiaKEn8ShxhVgb/HG
-EGfQKxF1cWXOe1NF3NEhmZD/JTYoMlqEyGARZMDR4klDPP0jhPWVcfnw8HoUjufE
-QptCagLhitZzfb0GEzvAOG63tFwit4bM6gT2po3VZH8o62j2PcBtcSmjHVqtaKwI
-i5MMXFRTaJnLQmLHg+W2nunw+CgTNdUgvn/oB0RPHXU+TlfPiuC7tAluZC+xYnIA
-nspHRRbge3H1R07JP5LZW8fu60VMj/o7t/0rCupjjra/qE2KScF1MsFI7eiv1I/Q
-68lgvtHLCpSqV/qqVmrdgGhV2pHQaEeB7sh/8E5+G0Yi6sYwztl/OeUUpdiGhXxU
-OPWPYExIwDrh1guIi/yva/78wksbi/ZQffZTR//OIwdGmMVxYfdCQ16PfqXpKJlW
-OcaH0Kbom13lha0Am0pXnqRnupOp5XrcrHJUcdFoS2df3wOh6aFejimjBWnvAajh
-rzNnXedY9rtxDlA5O/D1Yx0j8ZfAMrmqxFTc+XyT5gBwxYc2wCQ3ch20MfDpJ9/s
-eA4WS7dPGyOkziIcszT4vNCAtDnIs4Hr0uNb/1wF5R1UFq464Ghyqpt6SE2xfxsP
-Uty+iyvCYfrbL7ILwHmpgYUARL51ovSxVRQA7osSg8qrf6U26pIDXD63tCdPcGVu
-U1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAlkEMAEKAEMWIQTv
-wKRn1hPLg8ftbTDYlOLOiz159QUCWdn2NSUdIFJlcGxhY2VkIGJ5IG9wZW5zc2wt
-b21jQG9wZW5zc2wub3JnAAoJENiU4s6LPXn1UCIP/AtXPwoTzjP6I8FwNclHiGuK
-w+gV5Sw3rRNyiKg9TL0dudcVfDsdtdxmBR1vughH0PNsYstNggflbGIefLTIuNTQ
-1qun5GTluLxZyWxcf6WJPMRTJdJpdy5BrIfXFaHrEohAQLBeL0P25gjXzOvA7C7Y
-wCuxkKG3FuQKyKr4HNy5WF1LKZIBPcjHEHD6sjLDaxD4KxQnHd31s1xdarDvEbXe
-G8MmiQApKUJ2fN9sGPdbrjBs1nBtgPksZHThT7g5FpuZfIWwOvg6XRaf2Ig538AG
-aq+rqKnZHE9HvCEbBqidhSe6h3hkr5BY5Bh2jj5CTOvZSSBBTAq47wUFTeG/B4XK
-m5yW561lRhQ8YEnYzb16swQyYA6jIRjeWRyYRoYmQ4tNrs6idKfjlMytQohKNPzH
-OzW+bFX72Kz+C6KikXHjXj4MGafCcDpwuVPOE1muqR2Jt64o36wTzzBXsfTQ0EPy
-hBSDYQDEFTFLY9osuQDT6arH7TiI7EX1lp/u0CIuBLmEQA3JZUWhyWkwQMyOep4J
-A2gOeaMmjJ0lJ7tH44Fk4g+AhFW7Eq0dJ1iSoQoOQ21cKv3SJqDdYiu/M4kenCXX
-kIXtxmPgHVnuwovu+U4mMvGZYfUs+JqZfNcUc/XmHDv4NMRusKTxP36rmvPwIHig
-KxCiVjdbrygghWc0Qe7quQINBFQv6Z8BEADAd7PvHauU/H1vm9znBroxHG4coLnO
-g+bIZTVrLgld1u/os7FVHvtIQ9WMA99Aus49vgiazMT0PwQd7t0m8hzAz+Xyi+xk
-IgP59fdoV9g7h8b0MJwzZB8WIIbaxSjpVwMrXtmsANHwvntKPJR2tWHdmWTapQwt
-t6ibSzCR/G1/AiK+fSnJDcr+uGxfoVTyDd3r54dQI5+APOfOPBGTEHI3nYO9jLAN
-01tg+KJmsmO3lxObrrexWHGOkjOKU4SAdl/QzN/UYMt6guDm7xJBH2lpyXx8cl4g
-PFxfhWbpF3P4jOvD9FUv7DJpfUD7GDFpzB3BpTnLs0CUQGpamScLitGSL6G4f2Pa
-2C8ax7TQoEo2hbkjfSv2IaQMbPNB+pVWuxgkgEk0a0tzr5mPvn07FD80jr4rdJKk
-H4ps4mMe0HCSGoBvdpr1Jrn9jxH870ouomiKjIWk2iauasTkdKuN9CmpEJLTT1+d
-x35Vi+2Hpwz2MNaxMkBcRqo2gWNV/Dbbs2dD+HGoYLARXPB4GLtrt2LHecJr0k7D
-l5XfELJ7NSiFDqc4FsOegCencUt5SuEElBcI822VvR9IyePXgTAGgPoQo7/HP+AR
-bmavRr7Gn5+NuS8dVf9zxSZT7ueVfu6lo3jpEszXLTJZgqj0FXrW2f6RywCTuSFD
-t0qE7OZJemwEcwARAQABiQI8BBgBCgAmAhsMFiEE78CkZ9YTy4PH7W0w2JTizos9
-efUFAlnZ9v8FCQefB2AACgkQ2JTizos9efVBOA/+ObcOrEGwKPI3KFaxKdkfbl/K
-UoTTC8L6F/AJTd9JREXgic/CKZRfa64S+RvRqH8kY1DEUCi6v6o/57kS6o1BS+6a
-PMeg/xi8nBmC5o+fqgOdIdFyUkJbwq/jWcHZ7Sjf89LCh0gtVqxsRYT3yZicCNJi
-8qrWe4I2iv6OHOjZbHeF3RKM7IKaqcUCI6jklJSge3MoCR74gOEpAAA/eUQ2YfVx
-pS1kMaJXLpa0gbkaylZALmt2uTvacOc5uipmZBzQRoVna9scM9+Fy0taus4TA+54
-8EMzjK7LUcgkgndXUf1hE29UGgZyOLBkLfXRZMl9hnOrurTnfUqthbpvZwQ892ba
-ZW0NDkk2nlGFOCJQsfrLQdwxKm0oeH/eJoXaSSZuzn1hL2+EzfMNwpAP03l7xagI
-sYkuyTUDyVGKwyT036yro9yqP0Iaa7CIgJ+DaxsyWthtG/NbJoRkmaJFKyu0pNa8
-dt04jmfMODToNAU7Ji8Ctan4gacGevYItgE8q30+kr1PPQD18DNXw6u36BLfjvPj

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-09-16 Thread Kurt Roeckx
The branch OpenSSL_1_1_1-stable has been updated
   via  00f561ab9c70dec128467fb2b4f3eb952829c4c4 (commit)
  from  d6d6aa3521e207c2727bbd1e5c97772502d15739 (commit)


- Log -
commit 00f561ab9c70dec128467fb2b4f3eb952829c4c4
Author: Kurt Roeckx 
Date:   Tue Sep 11 23:39:25 2018 +0200

Improve SSL_shutdown() documentation

Reviewed-by: Ben Kaduk 
GH: #7188
(cherry picked from commit 8e593f0a0dbcb3193548ced3c2e78fbbd201b2db)

---

Summary of changes:
 doc/man3/SSL_CTX_set_quiet_shutdown.pod |  4 +-
 doc/man3/SSL_get_error.pod  |  2 +-
 doc/man3/SSL_set_shutdown.pod   |  8 ++--
 doc/man3/SSL_shutdown.pod   | 78 +++--
 4 files changed, 52 insertions(+), 40 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_quiet_shutdown.pod 
b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
index 99922eb..d3e6d9f 100644
--- a/doc/man3/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
@@ -33,7 +33,7 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting 
of B.
 =head1 NOTES
 
 Normally when a SSL connection is finished, the parties must send out
-"close notify" alert messages using L
+close_notify alert messages using L
 for a clean shutdown.
 
 When setting the "quiet shutdown" flag to 1, L
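Review bot: the context line 'Normally when a SSL connection is finished' should read 'an SSL connection'; since the + line rewrites the very next line of this sentence, this is the moment to fix it.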
@@ -41,7 +41,7 @@ will set the internal flags to 
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
 (L then behaves like
 L called with
 SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
-The session is thus considered to be shutdown, but no "close notify" alert
+The session is thus considered to be shutdown, but no close_notify alert
 is sent to the peer. This behaviour violates the TLS standard.
 
 The default is normal shutdown behaviour as described by the TLS standard.
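Review bot: the + line keeps 'The session is thus considered to be shutdown', which uses the noun where the participle is meant; since this sentence is being rewritten anyway, suggest 'considered to be shut down, but no close_notify alert'.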
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index 01446a2..b3ab505 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -39,7 +39,7 @@ if and only if B 0>.
 =item SSL_ERROR_ZERO_RETURN
 
 The TLS/SSL peer has closed the connection for writing by sending the
-"close notify" alert.
+close_notify alert.
 No more data can be read.
 Note that B does not necessarily
 indicate that the underlying transport has been closed.
diff --git a/doc/man3/SSL_set_shutdown.pod b/doc/man3/SSL_set_shutdown.pod
index 04bcc47..7010807 100644
--- a/doc/man3/SSL_set_shutdown.pod
+++ b/doc/man3/SSL_set_shutdown.pod
@@ -30,12 +30,12 @@ No shutdown setting, yet.
 
 =item SSL_SENT_SHUTDOWN
 
-A "close notify" shutdown alert was sent to the peer, the connection is being
+A close_notify shutdown alert was sent to the peer, the connection is being
 considered closed and the session is closed and correct.
 
 =item SSL_RECEIVED_SHUTDOWN
 
-A shutdown alert was received form the peer, either a normal "close notify"
+A shutdown alert was received form the peer, either a normal close_notify
 or a fatal error.
 
 =back
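Review bot: the + line 'A shutdown alert was received form the peer, either a normal close_notify' carries the typo 'form' forward from the - line; since the line is being changed, suggest 'received from the peer'.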
@@ -47,13 +47,13 @@ the ssl session. If the session is still open, when
 L or L is called,
 it is considered bad and removed according to RFC2246.
 The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the "close notify"
+(according to the TLS RFC, it is acceptable to only send the close_notify
 alert but to not wait for the peer's answer, when the underlying connection
 is closed).
 SSL_set_shutdown() can be used to set this state without sending a
 close alert to the peer (see L).
 
-If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set,
 for setting SSL_SENT_SHUTDOWN the application must however still call
 L or SSL_set_shutdown() itself.
 
diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod
index 453853d..0a3d6d3 100644
--- a/doc/man3/SSL_shutdown.pod
+++ b/doc/man3/SSL_shutdown.pod
@@ -13,27 +13,36 @@ SSL_shutdown - shut down a TLS/SSL connection
 =head1 DESCRIPTION
 
 SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-"close notify" shutdown alert to the peer.
+close_notify shutdown alert to the peer.
 
 =head1 NOTES
 
-SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+SSL_shutdown() tries to send the close_notify shutdown alert to the peer.
 Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
 a currently open session is considered closed and good and will be kept in the
 session cache for further reuse.
 
-The shutdown procedure consists of 2 steps: the sending of the "close notify"
-shutdown alert and the reception of the peer's "close notify" shutdown
-alert. According to the TLS standard, it is acceptable for an application
-to only send 

[openssl-commits] [openssl] master update

2018-09-16 Thread Kurt Roeckx
The branch master has been updated
   via  8e593f0a0dbcb3193548ced3c2e78fbbd201b2db (commit)
  from  cd92d1fdd39819595e4b200bb82d8a0e9c76cfa5 (commit)


- Log -
commit 8e593f0a0dbcb3193548ced3c2e78fbbd201b2db
Author: Kurt Roeckx 
Date:   Tue Sep 11 23:39:25 2018 +0200

Improve SSL_shutdown() documentation

Reviewed-by: Ben Kaduk 
GH: #7188

---

Summary of changes:
 doc/man3/SSL_CTX_set_quiet_shutdown.pod |  4 +-
 doc/man3/SSL_get_error.pod  |  2 +-
 doc/man3/SSL_set_shutdown.pod   |  8 ++--
 doc/man3/SSL_shutdown.pod   | 78 +++--
 4 files changed, 52 insertions(+), 40 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_quiet_shutdown.pod 
b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
index 99922eb..d3e6d9f 100644
--- a/doc/man3/SSL_CTX_set_quiet_shutdown.pod
+++ b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
@@ -33,7 +33,7 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting 
of B.
 =head1 NOTES
 
 Normally when a SSL connection is finished, the parties must send out
-"close notify" alert messages using L
+close_notify alert messages using L
 for a clean shutdown.
 
 When setting the "quiet shutdown" flag to 1, L
@@ -41,7 +41,7 @@ will set the internal flags to 
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
 (L then behaves like
 L called with
 SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
-The session is thus considered to be shutdown, but no "close notify" alert
+The session is thus considered to be shutdown, but no close_notify alert
 is sent to the peer. This behaviour violates the TLS standard.
 
 The default is normal shutdown behaviour as described by the TLS standard.
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index 01446a2..b3ab505 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -39,7 +39,7 @@ if and only if B 0>.
 =item SSL_ERROR_ZERO_RETURN
 
 The TLS/SSL peer has closed the connection for writing by sending the
-"close notify" alert.
+close_notify alert.
 No more data can be read.
 Note that B does not necessarily
 indicate that the underlying transport has been closed.
diff --git a/doc/man3/SSL_set_shutdown.pod b/doc/man3/SSL_set_shutdown.pod
index 04bcc47..7010807 100644
--- a/doc/man3/SSL_set_shutdown.pod
+++ b/doc/man3/SSL_set_shutdown.pod
@@ -30,12 +30,12 @@ No shutdown setting, yet.
 
 =item SSL_SENT_SHUTDOWN
 
-A "close notify" shutdown alert was sent to the peer, the connection is being
+A close_notify shutdown alert was sent to the peer, the connection is being
 considered closed and the session is closed and correct.
 
 =item SSL_RECEIVED_SHUTDOWN
 
-A shutdown alert was received form the peer, either a normal "close notify"
+A shutdown alert was received form the peer, either a normal close_notify
 or a fatal error.
 
 =back
@@ -47,13 +47,13 @@ the ssl session. If the session is still open, when
 L or L is called,
 it is considered bad and removed according to RFC2246.
 The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the "close notify"
+(according to the TLS RFC, it is acceptable to only send the close_notify
 alert but to not wait for the peer's answer, when the underlying connection
 is closed).
 SSL_set_shutdown() can be used to set this state without sending a
 close alert to the peer (see L).
 
-If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set,
 for setting SSL_SENT_SHUTDOWN the application must however still call
 L or SSL_set_shutdown() itself.
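Review bot: the rewritten sentence 'If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, for setting SSL_SENT_SHUTDOWN the application must however still call ...' is a comma splice that makes it easy to misread which flag the application is responsible for. Suggest splitting it: 'If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set. To set SSL_SENT_SHUTDOWN the application must however still call SSL_shutdown() or SSL_set_shutdown() itself.'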
 
diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod
index 453853d..0a3d6d3 100644
--- a/doc/man3/SSL_shutdown.pod
+++ b/doc/man3/SSL_shutdown.pod
@@ -13,27 +13,36 @@ SSL_shutdown - shut down a TLS/SSL connection
 =head1 DESCRIPTION
 
 SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-"close notify" shutdown alert to the peer.
+close_notify shutdown alert to the peer.
 
 =head1 NOTES
 
-SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+SSL_shutdown() tries to send the close_notify shutdown alert to the peer.
 Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
 a currently open session is considered closed and good and will be kept in the
 session cache for further reuse.
 
-The shutdown procedure consists of 2 steps: the sending of the "close notify"
-shutdown alert and the reception of the peer's "close notify" shutdown
-alert. According to the TLS standard, it is acceptable for an application
-to only send its shutdown alert and then close the underlying connection
-without waitin
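Review bot: the NOTES sentence 'Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse' is the statement an application developer most needs from this page (the session stays resumable even when the close_notify never reached the peer), and it sits as unchanged context between two renames. Suggest giving it its own paragraph; while here, 'consists of 2 steps' reads better as 'two steps'.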

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-07-26 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  d69f31fcc38878769c8c917f8724c5aef10fd847 (commit)
  from  be4e1f79f631e49c76d02fe4644b52f907c374b2 (commit)


- Log -
commit d69f31fcc38878769c8c917f8724c5aef10fd847
Author: Kurt Roeckx 
Date:   Thu Jul 26 11:10:24 2018 +0200

Fix inconsistent use of bit vs bits

Reviewed-by: Tim Hudson 
GH: #6794
(cherry picked from commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5)

---

Summary of changes:
 doc/crypto/BN_generate_prime.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index 0079f17..003d123 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -92,8 +92,8 @@ probabilistic primality test with B iterations. If
 B, a number of iterations is used that
 yields a false positive rate of at most 2^-64 for random input.
 The error rate depends on the size of the prime and goes down for bigger 
primes.
-The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits,
-2^-192 at 3747 bit and 2^-256 at 6394 bit.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 
bits,
+2^-192 at 3747 bits and 2^-256 at 6394 bits.
 
 When the source of the prime is not random or not trusted, the number
 of checks needs to be much higher to reach the same level of assurance:
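Review bot: the paragraph first says the rate is 'at most 2^-64 for random input' and then 'The rate is 2^-80 starting at 308 bits', leaving the reader to infer what applies below 308 bits. Since the + lines rewrite this list anyway, suggest making the lower band explicit, e.g. 'The rate is 2^-64 below 308 bits, 2^-80 starting at 308 bits, ...', if that is what is meant.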
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-07-26 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  616153f2f9c07f51212fb5e85170e89a4ebaadbb (commit)
  from  707efcd64129c8010e192bd209bace0bc6d18ac9 (commit)


- Log -
commit 616153f2f9c07f51212fb5e85170e89a4ebaadbb
Author: Kurt Roeckx 
Date:   Thu Jul 26 11:10:24 2018 +0200

Fix inconsistent use of bit vs bits

Reviewed-by: Tim Hudson 
GH: #6794
(cherry picked from commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5)

---

Summary of changes:
 doc/crypto/BN_generate_prime.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index 4adc3c8..849df07 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -102,8 +102,8 @@ probabilistic primality test with B iterations. If
 B, a number of iterations is used that
 yields a false positive rate of at most 2^-64 for random input.
 The error rate depends on the size of the prime and goes down for bigger 
primes.
-The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits,
-2^-192 at 3747 bit and 2^-256 at 6394 bit.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 
bits,
+2^-192 at 3747 bits and 2^-256 at 6394 bits.
 
 When the source of the prime is not random or not trusted, the number
 of checks needs to be much higher to reach the same level of assurance:


[openssl-commits] [openssl] master update

2018-07-26 Thread Kurt Roeckx
The branch master has been updated
   via  b9e54e98066c1ff8adab5d68b6c114b14d2f74e5 (commit)
  from  9e4c97774861949f6f987772c0b579fe8a9c7d5a (commit)


- Log -
commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5
Author: Kurt Roeckx 
Date:   Thu Jul 26 11:10:24 2018 +0200

Fix inconsistent use of bit vs bits

Reviewed-by: Tim Hudson 
GH: #6794

---

Summary of changes:
 doc/man3/BN_generate_prime.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index 4b085e7..7cfa96e 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -103,8 +103,8 @@ probabilistic primality test with B iterations. If
 B, a number of iterations is used that
 yields a false positive rate of at most 2^-64 for random input.
 The error rate depends on the size of the prime and goes down for bigger 
primes.
-The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits,
-2^-192 at 3747 bit and 2^-256 at 6394 bit.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 
bits,
+2^-192 at 3747 bits and 2^-256 at 6394 bits.
 
 When the source of the prime is not random or not trusted, the number
 of checks needs to be much higher to reach the same level of assurance:


[openssl-commits] [openssl] master update

2018-07-25 Thread Kurt Roeckx
The branch master has been updated
   via  9e4c97774861949f6f987772c0b579fe8a9c7d5a (commit)
  from  feac7a1c8be49fbcb76fcb721ec9f02fdd91030e (commit)


- Log -
commit 9e4c97774861949f6f987772c0b579fe8a9c7d5a
Author: Paul Yang 
Date:   Fri Jul 20 00:55:20 2018 +0800

Fix a trivial coding style nit in sm2_sign.c

Reviewed-by: Kurt Roeckx 
Reviewed-by: Andy Polyakov 
GH: #6787

---

Summary of changes:
 crypto/sm2/sm2_sign.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index adde952..1244c05 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -111,7 +111,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const 
BIGNUM *e)
 for (;;) {
 if (!BN_priv_rand_range(k, order)) {
 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
-goto done;
+goto done;
 }
 
 if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
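Review bot: the removed and added 'goto done;' lines are identical once leading whitespace is stripped, so the change is indentation-only; suggest the commit message say 'fix indentation of goto done' rather than 'coding style nit' so that anyone reading blame output on sm2_sig_gen() knows no logic changed.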


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-07-25 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  be4e1f79f631e49c76d02fe4644b52f907c374b2 (commit)
   via  7a23bff90ef4466d741e46c5cf9e467b25c6ad4f (commit)
  from  9df990cdef581f7330205aef975055e23d8e8d43 (commit)


- Log -
commit be4e1f79f631e49c76d02fe4644b52f907c374b2
Author: Kurt Roeckx 
Date:   Wed Jul 25 18:55:16 2018 +0200

Make number of Miller-Rabin tests for a prime depend on the security level of the prime

The old numbers were all generated for an 80 bit security level. But
the number should depend on the security level you want to reach. For bigger
primes we want a higher security level and so need to do more tests.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075
Fixes: #6012
(cherry picked from commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e)

commit 7a23bff90ef4466d741e46c5cf9e467b25c6ad4f
Author: Kurt Roeckx 
Date:   Wed Apr 25 21:47:20 2018 +0200

Change the number of Miller-Rabin tests for DSA generation to 64

This changes the security level from 100 to 128 bit.
We only have 1 define; this sets it to the highest level supported for
DSA, and needed for keys larger than 3072 bit.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075
(cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8)

---

Summary of changes:
 CHANGES  | 10 +
 crypto/bn/bn.h   | 87 +++-
 crypto/dsa/dsa.h |  8 ++--
 doc/crypto/BN_generate_prime.pod | 12 +-
 4 files changed, 95 insertions(+), 22 deletions(-)

diff --git a/CHANGES b/CHANGES
index f9562dd..1bf0f0b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 
  Changes between 1.0.2o and 1.0.2p [xx XXX ]
 
+  *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
   *) Add blinding to ECDSA and DSA signatures to protect against side channel
  attacks discovered by Keegan Ryan (NCC Group).
  [Matt Caswell]
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 633d1b1..c056bba 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
  * on the size of the number */
 
 /*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 
primes,
+ * and so the level is what you would expect for a key of double the size of 
the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ *   s:=0;
+ *   // Sum over j
+ *   for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ *   end for;
+ *   S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ *   printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
+ *   break;
+ * end if;
+ *   end for;
+ *   if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k:  1024, security: 129 bits  (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | s
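Review bot: the magma script in the new header comment targets securitybits:=125 while the CHANGES entry in this same push promises an error rate of at most 2^-128 for primes over 1080 bits; the comment should say how 125 relates to 128 (the sample output for k=1024 already shows 129 bits at t=6), otherwise a reader cannot reproduce the table from the script. It would also help to state, next to "The error rates used are for calculating an RSA key with 2 primes", that the rates assume a random candidate, since BN_is_prime_ex() is also called on primes that were not generated locally and those need a higher count, as the BN_generate_prime.pod change in the same series explains.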

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-07-25 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  707efcd64129c8010e192bd209bace0bc6d18ac9 (commit)
   via  acaa6ae936194362cb8011a2c145eb87aae1d1fa (commit)
  from  e18da726ed60b502f19fa35fca20201759f371d9 (commit)


- Log -
commit 707efcd64129c8010e192bd209bace0bc6d18ac9
Author: Kurt Roeckx 
Date:   Wed Jul 25 18:55:16 2018 +0200

Make number of Miller-Rabin tests for a prime test depend on the security
level of the prime

The old numbers were all generated for an 80 bit security level. But
the number should depend on security level you want to reach. For bigger
primes we want a higher security level and so need to do more tests.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075
Fixes: #6012
(cherry picked from commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e)

commit acaa6ae936194362cb8011a2c145eb87aae1d1fa
Author: Kurt Roeckx 
Date:   Wed Apr 25 21:47:20 2018 +0200

Change the number of Miller-Rabin tests for DSA generation to 64

This changes the security level from 100 to 128 bit.
We only have 1 define, this sets it to the highest level supported for
DSA, and needed for keys larger than 3072 bit.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075
(cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8)

---

Summary of changes:
 CHANGES  | 10 +
 doc/crypto/BN_generate_prime.pod | 12 +-
 include/openssl/bn.h | 87 +++-
 include/openssl/dsa.h|  8 ++--
 4 files changed, 95 insertions(+), 22 deletions(-)

diff --git a/CHANGES b/CHANGES
index b16a1be..148960a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 
  Changes between 1.1.0h and 1.1.0i [xx XXX ]
 
+  *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
   *) Add blinding to ECDSA and DSA signatures to protect against side channel
  attacks discovered by Keegan Ryan (NCC Group).
  [Matt Caswell]
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index c97536b..4adc3c8 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -100,7 +100,17 @@ If B, this test is skipped.
 Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
 probabilistic primality test with B iterations. If
 B, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
+yields a false positive rate of at most 2^-64 for random input.
+The error rate depends on the size of the prime and goes down for bigger 
primes.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits,
+2^-192 at 3747 bit and 2^-256 at 6394 bit.
+
+When the source of the prime is not random or not trusted, the number
+of checks needs to be much higher to reach the same level of assurance:
+It should equal half of the targeted security level in bits (rounded up to the
+next integer if necessary).
+For instance, to reach the 128 bit security level, B should be set to
+64.
 
 If B is not B, B is called
 after the j-th iteration (j = 0, 1, ...). B is a
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 54ae760..7b2e4fa 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -119,25 +119,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb);
  * on the size of the number */
 
 /*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 
primes,
+ * and so the level is what you would expect for a key of double the size of 
the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section 

[openssl-commits] [openssl] master update

2018-07-25 Thread Kurt Roeckx
The branch master has been updated
   via  feac7a1c8be49fbcb76fcb721ec9f02fdd91030e (commit)
   via  74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8 (commit)
  from  7c226dfc434dcd0c8a3240df166b7561a8b51b0f (commit)


- Log -
commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e
Author: Kurt Roeckx 
Date:   Wed Jul 25 18:55:16 2018 +0200

Make number of Miller-Rabin tests for a prime test depend on the security
level of the prime

The old numbers were all generated for an 80 bit security level. But
the number should depend on security level you want to reach. For bigger
primes we want a higher security level and so need to do more tests.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075
Fixes: #6012

commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8
Author: Kurt Roeckx 
Date:   Wed Apr 25 21:47:20 2018 +0200

Change the number of Miller-Rabin tests for DSA generation to 64

This changes the security level from 100 to 128 bit.
We only have 1 define, this sets it to the highest level supported for
DSA, and needed for keys larger than 3072 bit.

Reviewed-by: Richard Levitte 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
GH: #6075

---

Summary of changes:
 CHANGES| 10 +
 doc/man3/BN_generate_prime.pod | 12 +-
 include/openssl/bn.h   | 87 +-
 include/openssl/dsa.h  |  8 ++--
 4 files changed, 95 insertions(+), 22 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3cf312a..cab58c0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX ]
 
+  *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
   *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when
  moving between systems, and to avoid confusion when a Windows build is
  done with mingw vs with MSVC.  For POSIX installs, there's still a
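Review bot: the entry states only the improvement (2^-128 above 1080 bits) and not the new floor: the BN_generate_prime.pod change in this same push replaces "at most 2^-80" with "at most 2^-64 for random input", so for inputs below 308 bits the default check is now weaker than before. CHANGES should say so explicitly, because a caller that checks small primes with the default nchecks reads this entry and would otherwise not learn that the default got weaker for their size.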
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index f833d5c..4b085e7 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -101,7 +101,17 @@ If B, this test is skipped.
 Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
 probabilistic primality test with B iterations. If
 B, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
+yields a false positive rate of at most 2^-64 for random input.
+The error rate depends on the size of the prime and goes down for bigger 
primes.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits,
+2^-192 at 3747 bit and 2^-256 at 6394 bit.
+
+When the source of the prime is not random or not trusted, the number
+of checks needs to be much higher to reach the same level of assurance:
+It should equal half of the targeted security level in bits (rounded up to the
+next integer if necessary).
+For instance, to reach the 128 bit security level, B should be set to
+64.
 
 If B is not B, B is called
 after the j-th iteration (j = 0, 1, ...). B is a
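Review bot: the "not random or not trusted" paragraph should name the default it warns against: say explicitly that the 2^-64 figure above and the size-dependent rates only hold for random candidates, and that a prime received from a peer or read from a file must be checked with B set to half the security level as described, not with the default. Minor: "308 bits", "852 bit", "1080 bits", "3747 bit", "6394 bit" mix singular and plural; use "bits" throughout.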
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 4678bb0..8af05d0 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -107,25 +107,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb);
  * on the size of the number */
 
 /*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 
primes,
+ * and so the level is what you would expect for a key of double the size of 
the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma scr

[openssl-commits] [openssl] master update

2018-07-16 Thread Kurt Roeckx
The branch master has been updated
   via  57fd517066418472b3280a975823405fb8f2f43d (commit)
   via  07fc8d5207febe53c8203a8a89fb7ba006871a1b (commit)
  from  01ad66f85d22fd001582b5f2e6e18db8b820c550 (commit)


- Log -
commit 57fd517066418472b3280a975823405fb8f2f43d
Author: Kurt Roeckx 
Date:   Sun May 13 11:24:11 2018 +0200

Improve documentation about reading and writing

Reviewed-by: Matt Caswell 
GH: #6240

commit 07fc8d5207febe53c8203a8a89fb7ba006871a1b
Author: Kurt Roeckx 
Date:   Sun Jul 15 13:49:53 2018 +0200

Enable all protocols and ciphers in the fuzzer

The config file can override it.
In case of the server, it needs to be set on the ctx or some of the
other functions on the ctx might fail.

Reviewed-by: Rich Salz 
GH: #6718

---

Summary of changes:
 doc/man3/BIO_should_retry.pod   | 10 ---
 doc/man3/SSL_CTX_set_mode.pod   | 38 --
 doc/man3/SSL_CTX_set_read_ahead.pod | 18 +++--
 doc/man3/SSL_get_error.pod  | 41 +---
 doc/man3/SSL_read.pod   | 53 ++---
 doc/man3/SSL_write.pod  | 17 +++-
 fuzz/client.c   |  1 +
 fuzz/server.c   |  7 +++--
 8 files changed, 133 insertions(+), 52 deletions(-)

diff --git a/doc/man3/BIO_should_retry.pod b/doc/man3/BIO_should_retry.pod
index 60d8139..7a9ce8c 100644
--- a/doc/man3/BIO_should_retry.pod
+++ b/doc/man3/BIO_should_retry.pod
@@ -32,11 +32,13 @@ should then be retried at a later time.
 
 If BIO_should_retry() is false then the cause is an error condition.
 
-BIO_should_read() is true if the cause of the condition is that a BIO
-needs to read data.
+BIO_should_read() is true if the cause of the condition is that the BIO
+has insufficient data to return. Check for readability and/or retry the
+last operation.
 
-BIO_should_write() is true if the cause of the condition is that a BIO
-needs to read data.
+BIO_should_write() is true if the cause of the condition is that the BIO
+has pending data to write. Check for writability and/or retry the
+last operation.
 
 BIO_should_io_special() is true if some "special" condition, that is a
 reason other than reading or writing is the cause of the condition.
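Review bot: "Check for readability and/or retry the last operation" leaves open whether the retry may happen without waiting; for a non-blocking BIO the intended sequence is to wait until the transport is readable (select/poll) and then retry, so spell that out rather than "and/or". The same wording applies to the BIO_should_write() lines. The correction of the old copy-paste in BIO_should_write() ("needs to read data") is right.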
diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod
index e83b591..e6de166 100644
--- a/doc/man3/SSL_CTX_set_mode.pod
+++ b/doc/man3/SSL_CTX_set_mode.pod
@@ -2,14 +2,16 @@
 
 =head1 NAME
 
-SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate 
SSL engine mode
+SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, 
SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
 
 =head1 SYNOPSIS
 
  #include 
 
  long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+ long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
  long SSL_set_mode(SSL *ssl, long mode);
+ long SSL_clear_mode(SSL *ssl, long mode);
 
  long SSL_CTX_get_mode(SSL_CTX *ctx);
  long SSL_get_mode(SSL *ssl);
@@ -18,9 +20,11 @@ SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, 
SSL_get_mode - manipulate SSL
 
 SSL_CTX_set_mode() adds the mode set via bitmask in B to B.
 Options already set before are not cleared.
+SSL_CTX_clear_mode() removes the mode set via bitmask in B from B.
 
 SSL_set_mode() adds the mode set via bitmask in B to B.
 Options already set before are not cleared.
+SSL_clear_mode() removes the mode set via bitmask in B from B.
 
 SSL_CTX_get_mode() returns the mode set for B.
 
@@ -51,16 +55,31 @@ non-blocking write().
 
 =item SSL_MODE_AUTO_RETRY
 
-Never bother the application with retries if the transport is blocking.
-If a renegotiation take place during normal operation, a
-L, L, L or L would
-return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ.
+During normal operations, non-application data records might need to be sent or
+received that the application is not aware of.
+If a non-application data record was processed,
+L and L can return with a failure and indicate the
+need to retry with B.
+If such a non-application data record was processed, the flag
+B causes it to try to process the next record instead of
+returning.
+
 In a non-blocking environment applications must be prepared to handle
 incomplete read/write operations.
+Setting B for a non-blocking B will process
+non-application data records until either no more data is available or
+an application data record has been processed.
+
 In a blocking environment, applications are not always prepared to
-deal with read/write operations returning without success report. The
-flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
-return after the handshake and successful completion.
+deal with the functions returning intermediate reports such as retry
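Review bot: the blocking-environment paragraph needs the caveat recorded in the CHANGES entry of the 2018-05-22 push on this page: with SSL_MODE_AUTO_RETRY set, a blocking application that waits in select() or poll() for readability before calling SSL_read() can hang, because SSL_read() keeps consuming non-application records on its own. The visible lines only describe the benefit of the mode; they should also tell such applications to clear it with SSL_CTX_clear_mode(), which this same change documents a few hunks above.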

[openssl-commits] [openssl] master update

2018-07-09 Thread Kurt Roeckx
The branch master has been updated
   via  68b3cbd448e096bf3954d30de058d18615f9c257 (commit)
  from  74bfb980377f43367035959a2c0afb5ec501c033 (commit)


- Log -
commit 68b3cbd448e096bf3954d30de058d18615f9c257
Author: Kurt Roeckx 
Date:   Sat Jul 7 10:55:18 2018 +0200

Update DRBG CHANGES section

Reviewed-by: Tim Hudson 
Reviewed-by: Matthias St. Pierre 
GH: #

---

Summary of changes:
 CHANGES | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2eb90a9..4765e0b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -196,12 +196,12 @@
 
  Some of its new features are:
   o Support for multiple DRBG instances with seed chaining.
-  o Add a public DRBG instance for the default RAND method.
-  o Add a dedicated DRBG instance for generating long term private keys.
-  o Make the DRBG instances fork-safe.
+  o The default RAND method makes use of a DRBG.
+  o There is a public and private DRBG instance.
+  o The DRBG instances are fork-safe.
   o Keep all global DRBG instances on the secure heap if it is enabled.
-  o Add a DRBG instance to every SSL instance for lock free operation
-and to increase unpredictability.
+  o The public and private DRBG instance are per thread for lock free
+operation
  [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre]
 
   *) Changed Configure so it only says what it does and doesn't dump
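Review bot: "The public and private DRBG instance are per thread for lock free operation" has a number mismatch and, unlike the other bullets, no terminating period; make it "The public and private DRBG instances are per thread for lock free operation." The replaced bullets also carried the rationale "to increase unpredictability"; if that is still why the instances are per thread, keep it, since the list otherwise reads as a pure implementation note.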
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-06-23 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  2ab5cb01d4d44f570b8e11384635149d38867eb2 (commit)
  from  7fe760161df54cfbb2bdbc90a09a20ef0e7a6b30 (commit)


- Log -
commit 2ab5cb01d4d44f570b8e11384635149d38867eb2
Author: Kurt Roeckx 
Date:   Sat Jun 23 10:24:00 2018 +0200

Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set

The parameters were switched

Reviewed-by: Rich Salz 
GH: #6578
(cherry picked from commit eaf39a9fe6f55feb5251e235069e02f7f50d9a49)

---

Summary of changes:
 doc/crypto/ASN1_INTEGER_get_int64.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod 
b/doc/crypto/ASN1_INTEGER_get_int64.pod
index f61268d..7ed1cca 100644
--- a/doc/crypto/ASN1_INTEGER_get_int64.pod
+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
@@ -11,10 +11,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, 
ASN1_INTEGER_set_int64, ASN1_INTEGER_s
  #include 
 
  int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
- int ASN1_INTEGER_get(const ASN1_INTEGER *a, long v);
+ long ASN1_INTEGER_get(const ASN1_INTEGER *a);
 
  int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
- long ASN1_INTEGER_set(const ASN1_INTEGER *a);
+ int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
 
  int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
  int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
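Review bot: the corrected ASN1_INTEGER_set() prototype on the "+" line still declares its first argument as const ASN1_INTEGER *a, yet the function writes to a; the ASN1_INTEGER_set_int64() context line directly above uses the non-const ASN1_INTEGER *a, and the setter documented here should match it. Suggested: int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);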


[openssl-commits] [openssl] master update

2018-06-13 Thread Kurt Roeckx
The branch master has been updated
   via  17e822e9f85e4cd65eba1dd4ba710749aa71793f (commit)
  from  a3e9d5aa980f238805970f420adf5e903d35bf09 (commit)


- Log -
commit 17e822e9f85e4cd65eba1dd4ba710749aa71793f
Author: Eric S. Raymond 
Date:   Tue Jun 12 21:46:50 2018 +0200

Fix manpage problems

CLA: trivial

Reviewed-by: Kurt Roeckx 
Reviewed-by: Rich Salz 
Reviewed-by: Richard Levitte 
GH: #6472

---

Summary of changes:
 doc/man3/BUF_MEM_new.pod| 2 --
 doc/man3/SSL_get_current_cipher.pod | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod
index 1d89159..95d3a07 100644
--- a/doc/man3/BUF_MEM_new.pod
+++ b/doc/man3/BUF_MEM_new.pod
@@ -6,8 +6,6 @@ BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow,
 BUF_MEM_grow_clean, BUF_reverse
 - simple character array structure
 
-standard C library equivalents
-
 =head1 SYNOPSIS
 
  #include 
diff --git a/doc/man3/SSL_get_current_cipher.pod 
b/doc/man3/SSL_get_current_cipher.pod
index e5b249f..1a484f6 100644
--- a/doc/man3/SSL_get_current_cipher.pod
+++ b/doc/man3/SSL_get_current_cipher.pod
@@ -15,7 +15,7 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection
 
  const char *SSL_get_cipher_name(const SSL *s);
  const char *SSL_get_cipher(const SSL *s);
- int SSL_get_cipher_bits(const SSL *s, int *np) \
+ int SSL_get_cipher_bits(const SSL *s, int *np);
  const char *SSL_get_cipher_version(const SSL *s);
 
 =head1 DESCRIPTION


[openssl-commits] [openssl] master update

2018-06-03 Thread Kurt Roeckx
The branch master has been updated
   via  1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3 (commit)
   via  2545f9446e4a924548f393cc9e7391e6b10ed1b5 (commit)
   via  cf0891b8f1e85d130084c90661b7e05f4e90ec78 (commit)
   via  8f57662771356882561b98d6add06a16dc479f9b (commit)
  from  6da34cfbddede5e46f9c9183b724c9dcfb41 (commit)


- Log -
commit 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3
Author: Kurt Roeckx 
Date:   Sat Jun 2 18:15:32 2018 +0200

Fix checking the return value of getentropy()

Reviewed-by: Andy Polyakov 
GH: #6405

commit 2545f9446e4a924548f393cc9e7391e6b10ed1b5
Author: Kurt Roeckx 
Date:   Sat Jun 2 17:54:29 2018 +0200

Remove support for calling getrandom(), we now always call getentropy()

Only Linux and FreeBSD provide getrandom(), but they both also provide
getentropy() since the same version and we already tried to call that.

Reviewed-by: Andy Polyakov 
GH: #6405

commit cf0891b8f1e85d130084c90661b7e05f4e90ec78
Author: Kurt Roeckx 
Date:   Sat Jun 2 17:50:16 2018 +0200

Look up availability of getentropy() at runtime.

This will actually support most OSs, and at least adds support for
Solaris and OSX

Fixes: #6403
Reviewed-by: Andy Polyakov 
GH: #6405

commit 8f57662771356882561b98d6add06a16dc479f9b
Author: Kurt Roeckx 
Date:   Sat Jun 2 15:22:13 2018 +0200

Add support for KERN_ARND to get random bytes on NetBSD

Reviewed-by: Andy Polyakov 
GH: #6405

---

Summary of changes:
 crypto/rand/rand_unix.c | 70 +
 1 file changed, 41 insertions(+), 29 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 1f0084d..9f17494 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -15,6 +15,7 @@
 #include "rand_lcl.h"
 #include "internal/rand_int.h"
 #include 
+#include "internal/dso.h"
 #if defined(__linux)
 # include 
 #endif
@@ -23,7 +24,7 @@
 # include 
 # include 
 #endif
-#if defined(__OpenBSD__)
+#if defined(__OpenBSD__) || defined(__NetBSD__)
 # include 
 #endif
 #ifdef OPENSSL_SYS_UNIX
@@ -163,20 +164,6 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 #   error "Seeding uses urandom but DEVRANDOM is not configured"
 #  endif
 
-#  if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-#   if __GLIBC_PREREQ(2, 25)
-#define OPENSSL_HAVE_GETRANDOM
-#   endif
-#  endif
-
-#  if (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
-#   define OPENSSL_HAVE_GETRANDOM
-#  endif
-
-#  if defined(OPENSSL_HAVE_GETRANDOM)
-#   include 
-#  endif
-
 #  if defined(OPENSSL_RAND_SEED_OS)
 #   if !defined(DEVRANDOM)
 #error "OS seeding requires DEVRANDOM to be configured"
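Review bot: dropping the getrandom() path makes getentropy() the only syscall-based source, and getentropy() refuses requests larger than 256 bytes per call, a limit getrandom() did not have; check that rand_pool_acquire_entropy() never asks syscall_random() for more than that in one call, or loop inside syscall_random(). The commit message says getentropy() has been available "since the same version"; a comment naming the glibc and FreeBSD versions that refers to would help whoever revisits this when an older platform fails to seed.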
@@ -189,7 +176,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 #   error "librandom not (yet) supported"
 #  endif
 
-#  if defined(__FreeBSD__) && defined(KERN_ARND)
+#  if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
 /*
  * sysctl_random(): Use sysctl() to read a random number from the kernel
  * Returns the size on success, 0 on failure.
@@ -201,14 +188,25 @@ static size_t sysctl_random(char *buf, size_t buflen)
 size_t len;
 
 /*
- * Old implementations returned longs, newer versions support variable
- * sizes up to 256 byte. The code below would not work properly when
- * the sysctl returns long and we want to request something not a multiple
- * of longs, which should never be the case.
+ * On FreeBSD old implementations returned longs, newer versions support
+ * variable sizes up to 256 byte. The code below would not work properly
+ * when the sysctl returns long and we want to request something not a
+ * multiple of longs, which should never be the case.
  */
 if (!ossl_assert(buflen % sizeof(long) == 0))
 return 0;
 
+/*
+ * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+ * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+ * it returns a variable number of bytes with the current version 
supporting
+ * up to 256 bytes.
+ * Just return an error on older NetBSD versions.
+ */
+#if   defined(__NetBSD__) && __NetBSD_Version__ < 4
+return 0;
+#endif
+
 mib[0] = CTL_KERN;
 mib[1] = KERN_ARND;
 
@@ -231,23 +229,37 @@ static size_t sysctl_random(char *buf, size_t buflen)
  */
 int syscall_random(void *buf, size_t buflen)
 {
-#  if defined(OPENSSL_HAVE_GETRANDOM)
-return (int)getrandom(buf, buflen, 0);
-#  endif
+union {
+void *p;
+int (*f)(void *buffer, size_t length);
+} p_getentropy;
+
+/*
+ * Do runtime detection to find getentropy().
+ *
+ * We could cache the result of the loo
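Review bot: syscall_random() keeps returning int and the removed line returned getrandom()'s byte count, but getentropy() returns 0 on success, so the function's return contract changes in this hunk; the lead commit of this push, "Fix checking the return value of getentropy()", suggests exactly that detail was got wrong once already. Document the contract on the function (bytes written, -1 on failure) and convert getentropy()'s 0 into buflen before returning. When the runtime lookup finds no getentropy symbol the function must also report failure, so the caller falls back to DEVRANDOM rather than counting the pool as seeded.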

[openssl-commits] [openssl] master update

2018-05-22 Thread Kurt Roeckx
The branch master has been updated
   via  693cf80c6ff54ae276a44d305d4ad07168ec6895 (commit)
  from  1aac20f5095fca8691ef4495c3e7438c935a33dc (commit)


- Log -
commit 693cf80c6ff54ae276a44d305d4ad07168ec6895
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Tue May 15 19:01:41 2018 +0200

Enable SSL_MODE_AUTO_RETRY by default

Because TLS 1.3 sends more non-application data records some clients run
into problems because they don't expect SSL_read() to return and set
SSL_ERROR_WANT_READ after processing it.

This can cause problems for clients that use blocking I/O and use
select() to see if data is available. It can be cleared using
SSL_CTX_clear_mode().

Reviewed-by: Matt Caswell <m...@openssl.org>
GH: #6260

---

Summary of changes:
 CHANGES   | 11 +++
 apps/s_client.c   |  2 ++
 apps/s_server.c   |  3 +++
 ssl/ssl_lib.c |  1 +
 test/sslapitest.c |  9 -
 5 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index c67a9c6..612da59 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,17 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX ]
 
+  *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking
+ I/O in combination with something like select() or poll() will hang. This
+ can be turned off again using SSL_CTX_clear_mode().
+ Many applications do not properly handle non-application data records, and
+ TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works
+ around the problems in those applications, but can also break some.
+ It's recommended to read the manpages about SSL_read(), SSL_write(),
+ SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and
+ SSL_CTX_set_read_ahead() again.
+ [Kurt Roeckx]
+
   *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
  now allow empty (zero character) pass phrases.
  [Richard Levitte]
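Review bot: "Applications that use blocking I/O in combination with something like select() or poll() will hang" overstates it; they hang only when a non-application record arrives and the application waits for readability before calling SSL_read() again, so "can hang" together with that condition is both more accurate and more useful to someone deciding whether to clear the mode. The entry should also state plainly that SSL_MODE_AUTO_RETRY is now set on every SSL_CTX returned by SSL_CTX_new(), which is what the ssl_lib.c line in this push changes.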
diff --git a/apps/s_client.c b/apps/s_client.c
index 5934236..9122d48 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1675,6 +1675,8 @@ int s_client_main(int argc, char **argv)
 goto end;
 }
 
+SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
 if (sdebug)
 ssl_ctx_security_debug(ctx, sdebug);
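Review bot: the unconditional SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY) deserves a one-line comment saying why: s_client drives its socket with select() and blocking I/O, exactly the pattern the CHANGES entry in this push says hangs under the new default. Without the comment the next reader will wonder whether the line can be removed. The identical line added to s_server.c needs the same comment.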
 
diff --git a/apps/s_server.c b/apps/s_server.c
index 6180617..b0d38e4 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1753,6 +1753,9 @@ int s_server_main(int argc, char *argv[])
 ERR_print_errors(bio_err);
 goto end;
 }
+
+SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
 if (sdebug)
 ssl_ctx_security_debug(ctx, sdebug);
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1dd355d..22f729c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2896,6 +2896,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 ret->method = meth;
 ret->min_proto_version = 0;
 ret->max_proto_version = 0;
+ret->mode = SSL_MODE_AUTO_RETRY;
 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
 /* We take the system default. */
diff --git a/test/sslapitest.c b/test/sslapitest.c
index f2978aa..10bfc8a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2351,15 +2351,6 @@ static int test_early_data_not_sent(int idx)
 || !TEST_size_t_eq(written, strlen(MSG2)))
 goto end;
 
-/*
- * Should block due to the NewSessionTicket arrival unless we're using
- * read_ahead, or PSKs
- */
-if (idx != 1 && idx != 2) {
-if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), )))
-goto end;
-}
-
 if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), ))
 || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
 goto end;
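Review bot: deleting the "should block due to the NewSessionTicket arrival" check loses the only coverage of the behaviour without SSL_MODE_AUTO_RETRY; rather than removing it, keep it under a variant that clears the mode on clientssl so that both the new default and the explicit opt-out stay tested. The idx != 1 && idx != 2 exclusion also recorded that read_ahead and PSK already behaved this way, and that knowledge disappears with the deletion.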


[openssl-commits] [openssl] master update

2018-05-12 Thread Kurt Roeckx
The branch master has been updated
   via  5f96a95e2562f026557f625e50c052e77c7bc2e8 (commit)
  from  a925e7dbf4c3bb01365c961df86da3ebfa1a6c27 (commit)


- Log -
commit 5f96a95e2562f026557f625e50c052e77c7bc2e8
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat May 12 12:08:14 2018 +0200

Set sess to NULL after freeing it.

Found by OSS-fuzz

Bug introduced in commit 61fb59238dad6452a37ec14513fae617a4faef29

Reviewed-by: Matt Caswell <m...@openssl.org>
GH: #6235

---

Summary of changes:
 ssl/t1_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b312a14..c076782 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1384,6 +1384,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const 
unsigned char *etick,
 /* Some additional consistency checks */
 if (slen != 0) {
 SSL_SESSION_free(sess);
+sess = NULL;
 ret = SSL_TICKET_NO_DECRYPT;
 goto end;
 }
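Review bot: the fix is right for this path but narrow: the "goto end" right after SSL_SESSION_free(sess) implies the end label frees sess again, so any other early exit in tls_decrypt_ticket() that frees sess before jumping to end carries the same double free. Audit the remaining exits of the function, or restructure so that only the end label frees sess. Since OSS-Fuzz found it, a regression test built from a ticket that decrypts with slen != 0 would keep this path covered.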


[openssl-commits] [openssl] master update

2018-05-11 Thread Kurt Roeckx
The branch master has been updated
   via  3cb7c5cfef25463bd197b0c12ca7966f525ebf73 (commit)
   via  d4a8ba77a4004b40890c4a9700ba959fd26af170 (commit)
  from  c3114a7732f423ec42a86392e12c8c3783c53aae (commit)


- Log -
commit 3cb7c5cfef25463bd197b0c12ca7966f525ebf73
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Wed May 9 17:09:50 2018 +0200

Use void in all function definitions that do not take any arguments

Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #6208

commit d4a8ba77a4004b40890c4a9700ba959fd26af170
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Wed May 9 18:32:02 2018 +0200

rsaz_avx2_eligible doesn't take parameters

Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #6208

---

Summary of changes:
 apps/apps.c |  2 +-
 apps/openssl.c  |  6 +++---
 crypto/bio/bio_meth.c   |  2 +-
 crypto/bn/rsaz_exp.h|  2 +-
 crypto/conf/conf_def.c  |  4 ++--
 crypto/ct/ct_log.c  |  2 +-
 crypto/engine/tb_cipher.c   |  2 +-
 crypto/engine/tb_dh.c   |  2 +-
 crypto/engine/tb_digest.c   |  2 +-
 crypto/engine/tb_dsa.c  |  2 +-
 crypto/engine/tb_eckey.c|  2 +-
 crypto/engine/tb_pkmeth.c   |  2 +-
 crypto/engine/tb_rand.c |  2 +-
 crypto/engine/tb_rsa.c  |  2 +-
 crypto/mem_sec.c|  8 
 crypto/poly1305/poly1305.c  |  2 +-
 crypto/rand/drbg_lib.c  |  2 +-
 crypto/rand/rand_lib.c  |  2 +-
 crypto/store/store_init.c   |  2 +-
 crypto/ts/ts_rsp_sign.c |  2 +-
 crypto/x509/x509_lu.c   |  2 +-
 ssl/pqueue.c|  2 +-
 test/asynciotest.c  |  2 +-
 test/asynctest.c| 10 +-
 test/cipherlist_test.c  |  2 +-
 test/drbgtest.c |  2 +-
 test/dtls_mtu_test.c|  2 +-
 test/dtlsv1listentest.c |  2 +-
 test/evp_test.c |  2 +-
 test/exdatatest.c   |  2 +-
 test/generate_buildtest.pl  |  2 +-
 test/handshake_helper.c |  2 +-
 test/mdc2_internal_test.c   |  2 +-
 test/modes_internal_test.c  |  4 ++--
 test/pkey_meth_kdf_test.c   |  2 +-
 test/pkey_meth_test.c   |  2 +-
 test/rdrand_sanitytest.c| 11 ++-
 test/ssl_cert_table_internal_test.c |  2 +-
 test/ssl_test_ctx.c |  2 +-
 test/sslcorrupttest.c   |  2 +-
 test/ssltest_old.c  |  8 
 test/time_offset_test.c |  2 +-
 test/tls13ccstest.c |  2 +-
 test/tls13secretstest.c |  2 +-
 test/v3nametest.c   |  2 +-
 test/x509_internal_test.c   |  2 +-
 test/x509_time_test.c   |  2 +-
 47 files changed, 66 insertions(+), 65 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index b35ea56..d5a6aea 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2486,7 +2486,7 @@ BIO *dup_bio_err(int format)
 return b;
 }
 
-void destroy_prefix_method()
+void destroy_prefix_method(void)
 {
 BIO_meth_free(prefix_method);
 prefix_method = NULL;
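Review bot: "void destroy_prefix_method()" with empty parentheses is an old-style declaration that accepts any number of arguments, so the compiler cannot flag a call that passes some; "(void)" turns it into a real prototype. With 47 files touched in this sweep, a build with -Wstrict-prototypes is the quickest way to confirm nothing was missed.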
diff --git a/apps/openssl.c b/apps/openssl.c
index 8224ae3..a872e2c 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -74,7 +74,7 @@ static void calculate_columns(DISPLAY_COLUMNS *dc)
 dc->columns = (80 - 1) / dc->width;
 }
 
-static int apps_startup()
+static int apps_startup(void)
 {
 #ifdef SIGPIPE
 signal(SIGPIPE, SIG_IGN);
@@ -90,13 +90,13 @@ static int apps_startup()
 return 1;
 }
 
-static void apps_shutdown()
+static void apps_shutdown(void)
 {
 destroy_ui_method();
 destroy_prefix_method();
 }
 
-static char *make_config_name()
+static char *make_config_name(void)
 {
 const char *t;
 size_t len;
diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c
index 21df94a..493ff63 100644
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@@ -19,7 +19,7 @@ DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
 return bio_type_lock != NULL;
 }
 
-int BIO_get_new_index()
+int BIO_get_new_index(void)
 {
 static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START;
 int newval;
diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
index 1c5e618..488b136 100644
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -28,7 +28,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
 const BN_ULONG exponent[16],
 const BN_ULONG m_norm[16], const BN_ULONG RR[16],
 BN_ULONG k0);
-int rsaz_avx2_eligible();
+int rsaz_avx2_eligible(void);
 
 void RSAZ_512_mod_exp(BN_ULONG result[8],
   const BN_ULONG base_norm[8], const BN

[openssl-commits] [openssl] master update

2018-04-30 Thread Kurt Roeckx
The branch master has been updated
   via  d1ae34e92d1ae11a9b650e85790a907e5939cdf6 (commit)
  from  06444da464c038d7869908aaa26eaa728ae3a032 (commit)


- Log -
commit d1ae34e92d1ae11a9b650e85790a907e5939cdf6
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Apr 28 23:26:22 2018 +0200

Use the config file from the source not the host for the tests

Fixes: #6046

Reviewed-by: Rich Salz <rs...@openssl.org>

GH: #6125

---

Summary of changes:
 test/run_tests.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/run_tests.pl b/test/run_tests.pl
index 6343ec7..56b5ad1 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -28,6 +28,8 @@ my $bldtop = $ENV{BLDTOP} || $ENV{TOP};
 my $recipesdir = catdir($srctop, "test", "recipes");
 my $libdir = rel2abs(catdir($srctop, "util", "perl"));
 
+$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf");
+
 my %tapargs =
 ( verbosity => $ENV{VERBOSE} || $ENV{V} || $ENV{HARNESS_VERBOSE} ? 1 : 0,
   lib   => [ $libdir ],
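Review bot: catdir() is used here to build the path to a file (openssl.cnf); File::Spec's catfile() is the call for that and produces a different result on VMS, which OpenSSL also builds on. Assigning $ENV{OPENSSL_CONF} unconditionally also overrides any value the user exported, which is the intent (the tests must not pick up the host configuration, per the commit message) but deserves a one-line comment so nobody "fixes" it later.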


[openssl-commits] [openssl] master update

2018-04-23 Thread Kurt Roeckx
The branch master has been updated
   via  148796291e47ad402ddfd1bbe6f34a2652657ec2 (commit)
  from  0e0f8116e247912f5c48f8b3786e543f37fc1f87 (commit)


- Log -
commit 148796291e47ad402ddfd1bbe6f34a2652657ec2
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Apr 8 20:20:25 2018 +0200

Add support for getrandom() or equivalent system calls and use them by default

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5910

---

Summary of changes:
 INSTALL |   3 +-
 crypto/rand/rand_unix.c | 101 +++-
 2 files changed, 93 insertions(+), 11 deletions(-)

diff --git a/INSTALL b/INSTALL
index c0163a9..a0ebef9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -224,7 +224,8 @@
os: Use a trusted operating system entropy source.
This is the default method if such an entropy
source exists.
-   getrandom:  Use the L<getrandom(2)> system call if 
available.
+   getrandom:  Use the L<getrandom(2)> or equivalent system
+   call.
devrandom:  Use the the first device from the DEVRANDOM list
which can be opened to read random bytes. The
DEVRANDOM preprocessor constant expands to
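Review bot: the context line "devrandom:  Use the the first device" has a doubled "the" that could be fixed while this block is being edited. The new getrandom text also drops the old "if available" qualifier without saying what happens when neither getrandom(2) nor an equivalent exists, so a reader cannot tell from INSTALL whether the method fails outright or falls back to devrandom.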
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index beb35a3..f6fef9a 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#define _GNU_SOURCE
 #include "e_os.h"
 #include 
 #include "internal/cryptlib.h"
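Review bot: "#define _GNU_SOURCE" is placed before the first include, which is required for it to take effect, but it is unguarded: a build that already passes -D_GNU_SOURCE (which defines it as 1) will get a redefinition warning because this line defines it as empty. Wrap it in "#ifndef _GNU_SOURCE".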
@@ -14,6 +15,17 @@
 #include "rand_lcl.h"
 #include "internal/rand_int.h"
 #include 
+#if defined(__linux)
+# include 
+#endif
+#if defined(__FreeBSD__)
+# include 
+# include 
+# include 
+#endif
+#if defined(__OpenBSD__)
+# include 
+#endif
 #ifdef OPENSSL_SYS_UNIX
 # include 
 # include 
@@ -59,6 +71,8 @@ static uint64_t get_timer_bits(void);
 # endif
 #endif
 
+int syscall_random(void *buf, size_t buflen);
+
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
 !defined(OPENSSL_RAND_SEED_NONE)
 # error "UEFI and VXWorks only support seeding NONE"
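Review bot: syscall_random() is declared here (and defined later in the same file) without static, so it becomes an exported symbol of libcrypto even though it is only used inside rand_unix.c; declare and define it static, which also lets the compiler warn when the conditional blocks leave it unused.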
@@ -149,26 +163,93 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 #   error "Seeding uses urandom but DEVRANDOM is not configured"
 #  endif
 
+#  if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#   if __GLIBC_PREREQ(2, 25)
+#define OPENSSL_HAVE_GETRANDOM
+#   endif
+#  endif
+
+#  if (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
+#   define OPENSSL_HAVE_GETRANDOM
+#  endif
+
+#  if defined(OPENSSL_HAVE_GETRANDOM)
+#   include 
+#  endif
+
 #  if defined(OPENSSL_RAND_SEED_OS)
 #   if !defined(DEVRANDOM)
 #error "OS seeding requires DEVRANDOM to be configured"
 #   endif
+#   define OPENSSL_RAND_SEED_GETRANDOM
 #   define OPENSSL_RAND_SEED_DEVRANDOM
-#   if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-#if __GLIBC_PREREQ(2, 25)
-# define OPENSSL_RAND_SEED_GETRANDOM
-#endif
-#   endif
-#  endif
-
-#  ifdef OPENSSL_RAND_SEED_GETRANDOM
-#   include 
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
 #   error "librandom not (yet) supported"
 #  endif
 
+#  if defined(__FreeBSD__) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the size on success, 0 on failure.
+ */
+static size_t sysctl_random(char *buf, size_t buflen)
+{
+int mib[2];
+size_t done = 0;
+size_t len;
+
+/*
+ * Old implementations returned longs, newer versions support variable
+ * sizes up to 256 byte. The code below would not work properly when
+ * the sysctl returns long and we want to request something not a multiple
+ * of longs, which should never be the case.
+ */
+ossl_assert(buflen % sizeof(long) == 0);
+
+mib[0] = CTL_KERN;
+mib[1] = KERN_ARND;
+
+do {
+len = buflen;
+if (sysctl(mib, 2, buf, , NULL, 0) == -1)
+return done;
+done += len;
+buf += len;
+buflen -= len;
+} while (buflen > 0);
+
+return done;
+}
+#  endif
+
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or <= 0 on error.
+ */
+int syscall_random(void *buf, size_t buflen)
+{
+#  if defined(OPENSSL_HAVE_GETRANDOM)
+return (int)getrandom(buf, buflen, 0);
+#  endif
+
+#  if defined(__linux) && defined(SYS_getrandom)
+return (int)syscall(SYS_getrandom, buf, buflen, 0);
+#  endif
+
+#  if defined(__FreeBSD__) && defined(KERN_ARND)
+retu
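Review bot: in sysctl_random() the result of "ossl_assert(buflen % sizeof(long) == 0);" is discarded; ossl_assert() yields a value rather than aborting, so a misaligned buflen continues into the sysctl loop unchecked. Test it ("if (!ossl_assert(...)) return 0;") so the function honours its documented "0 on failure" contract. Separately, syscall_random() chains independent #if blocks that each return, so when both OPENSSL_HAVE_GETRANDOM and SYS_getrandom are defined the second block is unreachable code; #elif expresses the intended preference order. The (int) casts also truncate a ssize_t result, which is only safe while buflen stays well below INT_MAX.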

[openssl-commits] [openssl] master update

2018-04-23 Thread Kurt Roeckx
The branch master has been updated
   via  5b820d785d6b5f9c3fedcf0ce4e4f0476a1bb9c8 (commit)
  from  198a2ed791e8f4f00d0b92272987f564ca1d9783 (commit)


- Log -
commit 5b820d785d6b5f9c3fedcf0ce4e4f0476a1bb9c8
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Apr 22 22:04:25 2018 +0200

Fix usage of ossl_assert()

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #6044

---

Summary of changes:
 crypto/rand/rand_unix.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f6fef9a..9b6971c 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -206,7 +206,8 @@ static size_t sysctl_random(char *buf, size_t buflen)
  * the sysctl returns long and we want to request something not a multiple
  * of longs, which should never be the case.
  */
-ossl_assert(buflen % sizeof(long) == 0);
+if (!ossl_assert(buflen % sizeof(long) == 0))
+return 0;
 
 mib[0] = CTL_KERN;
 mib[1] = KERN_ARND;


[openssl-commits] [openssl] master update

2018-04-02 Thread Kurt Roeckx
The branch master has been updated
   via  4cffafe96786558f66e1900ac462f9ccba921132 (commit)
  from  1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 (commit)


- Log -
commit 4cffafe96786558f66e1900ac462f9ccba921132
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Fri Nov 3 20:59:16 2017 +0100

Use the private RNG for data that is not public

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
Reviewed-by: Rich Salz <rs...@openssl.org>

Fixes: #4641
GH: #4665

---

Summary of changes:
 crypto/bio/bf_nbio.c | 4 ++--
 crypto/bn/bn_blind.c | 2 +-
 crypto/bn/bn_prime.c | 5 +++--
 crypto/bn/bn_rand.c  | 2 +-
 crypto/bn/bn_sqrt.c  | 2 +-
 crypto/des/rand_key.c| 2 +-
 crypto/evp/e_des.c   | 2 +-
 crypto/evp/e_des3.c  | 2 +-
 crypto/evp/evp_enc.c | 2 +-
 crypto/rand/randfile.c   | 2 +-
 crypto/srp/srp_vfy.c | 2 +-
 ssl/ssl_lib.c| 6 +++---
 ssl/statem/statem_srvr.c | 2 +-
 ssl/tls_srp.c| 4 ++--
 14 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index c41b5d5..1acb717 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -89,7 +89,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
 return 0;
 
 BIO_clear_retry_flags(b);
-if (RAND_bytes(, 1) <= 0)
+if (RAND_priv_bytes(, 1) <= 0)
 return -1;
 num = (n & 0x07);
 
@@ -126,7 +126,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
 num = nt->lwn;
 nt->lwn = 0;
 } else {
-if (RAND_bytes(, 1) <= 0)
+if (RAND_priv_bytes(, 1) <= 0)
 return -1;
 num = (n & 7);
 }
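Review bot: n here only picks how many bytes the non-blocking test filter lets through on this call, so it is not key material; switching it to RAND_priv_bytes() is harmless but spends private-DRBG output on a value that does not need it. The commit's rule is sound for secrets; a short comment on why this BIO qualifies (or leaving it on RAND_bytes()) would stop readers from taking it as the model for every call site.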
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 985d3ef..1ee902c 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -250,7 +250,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
 
 do {
 int rv;
-if (!BN_rand_range(ret->A, ret->mod))
+if (!BN_priv_rand_range(ret->A, ret->mod))
 goto err;
 if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, )) {
 /*
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 36d6e88..4e79086 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -279,6 +279,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t 
*mods)
 char is_single_word = bits <= BN_BITS2;
 
  again:
+/* TODO: Not all primes are private */
 if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
 return 0;
 /* we now have a random number 'rnd' to test. */
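Review bot: the "TODO: Not all primes are private" comment is left unresolved: probable_prime() serves both RSA key generation (secret primes) and callers that only want a public prime, and since it cannot tell them apart, using BN_priv_rand() for all of them is the safe direction (the only cost is private DRBG output). The two hunks below that move the DH/DSA parameter primes to BN_rand() go the other way; that is correct only because those primes are published, and a comment at each site should say so.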
@@ -363,7 +364,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
 if ((t1 = BN_CTX_get(ctx)) == NULL)
 goto err;
 
-if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
 goto err;
 
 /* we need ((rnd-rem) % add) == 0 */
@@ -419,7 +420,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, 
const BIGNUM *padd,
 if (!BN_rshift1(qadd, padd))
 goto err;
 
-if (!BN_priv_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
 goto err;
 
 /* we need ((rnd-rem) % add) == 0 */
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 604b6bf..c0d1a32 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -239,7 +239,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
 
 for (done = 0; done < num_k_bytes;) {
-if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
+if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
 goto err;
 SHA512_Init();
 SHA512_Update(, , sizeof(done));
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 37cdaf8..be8bd12 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const 
BIGNUM *p, BN_CTX *ctx)
 if (!BN_set_word(y, i))
 goto end;
 } else {
-if (!BN_rand(y, BN_num_bits(p), 0, 0))
+if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
 goto end;
 if (BN_ucmp(y, p) >= 0) {
 if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
index 09d7e4c..b49ce6f 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -13,7 +13,7 @@
 int DES_random_key(DES_cblock *ret)
 {
 do {
-if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
  

[openssl-commits] [openssl] master update

2018-04-01 Thread Kurt Roeckx
The branch master has been updated
   via  2a70d65b99e1f2376be705d18bca88703b7e774a (commit)
  from  2f6f913e9e02441245c974d7c5abe57f37c0420e (commit)


- Log -
commit 2a70d65b99e1f2376be705d18bca88703b7e774a
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Mar 3 23:19:03 2018 +0100

Make sure we use a nonce when a nonce is required

If a nonce is required and the get_nonce callback is NULL, request 50%
more entropy following NIST SP800-90Ar1 section 9.1.

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5503

---

Summary of changes:
 crypto/rand/drbg_lib.c | 30 +---
 crypto/rand/rand_lcl.h | 21 +
 crypto/rand/rand_lib.c | 21 -
 test/drbgtest.c| 63 ++
 4 files changed, 106 insertions(+), 29 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index e1b3ddb..b9ad1b8 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -266,6 +266,9 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 {
 unsigned char *nonce = NULL, *entropy = NULL;
 size_t noncelen = 0, entropylen = 0;
+size_t min_entropy = drbg->strength;
+size_t min_entropylen = drbg->min_entropylen;
+size_t max_entropylen = drbg->max_entropylen;
 
 if (perslen > drbg->max_perslen) {
 RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
@@ -288,22 +291,33 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 }
 
 drbg->state = DRBG_ERROR;
+
+/*
+ * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy
+ * and nonce in 1 call by increasing the entropy with 50% and increasing
+ * the minimum length to accomadate the length of the nonce.
+ * We do this in case a nonce is require and get_nonce is NULL.
+ */
+if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+min_entropy += drbg->strength / 2;
+min_entropylen += drbg->min_noncelen;
+max_entropylen += drbg->max_noncelen;
+}
+
 if (drbg->get_entropy != NULL)
-entropylen = drbg->get_entropy(drbg, , drbg->strength,
-   drbg->min_entropylen,
-   drbg->max_entropylen, 0);
-if (entropylen < drbg->min_entropylen
-|| entropylen > drbg->max_entropylen) {
+entropylen = drbg->get_entropy(drbg, , min_entropy,
+   min_entropylen, max_entropylen, 0);
+if (entropylen < min_entropylen
+|| entropylen > max_entropylen) {
 RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
 goto end;
 }
 
-if (drbg->max_noncelen > 0 && drbg->get_nonce != NULL) {
+if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
 noncelen = drbg->get_nonce(drbg, , drbg->strength / 2,
drbg->min_noncelen, drbg->max_noncelen);
 if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
-RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
-RAND_R_ERROR_RETRIEVING_NONCE);
+RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, 
RAND_R_ERROR_RETRIEVING_NONCE);
 goto end;
 }
 }
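Review bot: the new comment has typos: "accomadate" should be "accommodate" and "a nonce is require" should be "a nonce is required". The logic matches SP 800-90Ar1 section 9.1 (nonce entropy of at least strength/2 folded into a single get_entropy call): min_entropy is in bits and min_entropylen/max_entropylen in bytes, and each is increased in its own unit. Note that the condition for calling get_nonce changed from "max_noncelen > 0" to "min_noncelen > 0", so a DRBG with min_noncelen == 0 but max_noncelen > 0 no longer requests a nonce; confirm that is intended.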
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 0a34aa0..94ffc96 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -108,6 +108,27 @@ typedef struct rand_drbg_ctr_st {
 
 
 /*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+struct rand_pool_st {
+unsigned char *buffer;  /* points to the beginning of the random pool */
+size_t len; /* current number of random bytes contained in the pool */
+
+size_t min_len; /* minimum number of random bytes requested */
+size_t max_len; /* maximum number of random bytes (allocated buffer size) 
*/
+size_t entropy; /* current entropy count in bits */
+size_t requested_entropy; /* requested entropy count in bits */
+};
+
+/*
  * The state of all types of DRBGs, even though we only have CTR mode
  * right now.
  */
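Review bot: "It is the callers duty" should be "It is the caller's duty". It would also help to state the units consistently in the field comments: len, min_len and max_len are byte counts while entropy and requested_entropy are bit counts, which is easy to mix up in code that converts between them.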
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index defa3ec..143dfb0 100644
--- a/crypto/rand/rand_lib

[openssl-commits] [openssl] master update

2018-04-01 Thread Kurt Roeckx
The branch master has been updated
   via  2f6f913e9e02441245c974d7c5abe57f37c0420e (commit)
  from  094925de1ecfcfb8019b21994c45f3dc00ab4e2c (commit)


- Log -
commit 2f6f913e9e02441245c974d7c5abe57f37c0420e
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Mar 31 14:43:01 2018 +0200

Update documentation on how to close a connection

Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de>
GH: #5823

---

Summary of changes:
 doc/man3/SSL_get_error.pod |  9 +++
 doc/man3/SSL_shutdown.pod  | 65 ++
 2 files changed, 46 insertions(+), 28 deletions(-)

diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index 4e26514..688f772 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -38,11 +38,10 @@ if and only if B 0>.
 
 =item SSL_ERROR_ZERO_RETURN
 
-The TLS/SSL connection has been closed.
-If the protocol version is SSL 3.0 or higher, this result code is returned only
-if a closure alert has occurred in the protocol, i.e. if the connection has 
been
-closed cleanly.
-Note that in this case B does not necessarily
+The TLS/SSL peer has closed the connection for writing by sending the
+"close notify" alert.
+No more data can be read.
+Note that B does not necessarily
 indicate that the underlying transport has been closed.
 
 =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
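Review bot: the new text tells the reader that no more data can be read but not what to do next; a pointer to L<SSL_shutdown(3)> (which this same commit rewrites) would close that gap, since the expected response to SSL_ERROR_ZERO_RETURN is to complete the shutdown rather than treat it as a failure.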
diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod
index c40956c..5d467c8 100644
--- a/doc/man3/SSL_shutdown.pod
+++ b/doc/man3/SSL_shutdown.pod
@@ -35,35 +35,52 @@ performed, so that the peers stay synchronized.
 SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
 behaviour.
 
-=over 4
+SSL_shutdown() only closes the write direction.
+It is not possible to call SSL_write() after calling SSL_shutdown().
+The read direction is closed by the peer.
+
+=head2 First to close the connection
 
-=item When the application is the first party to send the "close notify"
+When the application is the first party to send the "close notify"
 alert, SSL_shutdown() will only send the alert and then set the
 SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
-be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
-shutdown is enough (the underlying connection shall be closed anyway), this
-first call to SSL_shutdown() is sufficient. In order to complete the
-bidirectional shutdown handshake, SSL_shutdown() must be called again.
-The second call will make SSL_shutdown() wait for the peer's "close notify"
-shutdown alert. On success, the second call to SSL_shutdown() will return
-with 1.
-
-=item If the peer already sent the "close notify" alert B it was
+be kept in the cache).
+SSL_shutdown() will then return with 0.
+If a unidirectional shutdown is enough (the underlying connection shall be
+closed anyway), this first call to SSL_shutdown() is sufficient.
+
+In order to complete the bidirectional shutdown handshake, the peer needs
+to send back a "close notify" alert.
+The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing
+it.
+SSL_shutdown() will return 1 when it has been received.
+
+The peer is still allowed to send data after receiving the "close notify"
+event.
+If the peer did send data it needs to be processed by calling SSL_read()
+before calling SSL_shutdown() a second time.
+SSL_read() will indicate the end of the peer data by returning <= 0
+and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.
+It is recommended to call SSL_read() between SSL_shutdown() calls.
+
+=head2 Peer closes the connection
+
+If the peer already sent the "close notify" alert B it was
 already processed implicitly inside another function
 (L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
+SSL_read() will return <= 0 in that case, and SSL_get_error() will return
+SSL_ERROR_ZERO_RETURN.
 SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
 flag and will immediately return with 1.
 Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
 SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call.
 
-=back
+=head1 NOTES
 
-It is therefore recommended, to check the return value of SSL_shutdown()
-and call SSL_shutdown() again, if the bidirectional shutdown is not yet
-complete (return value of the first call is 0).
+It is recommended to do a bidirectional shutdown by checking the return value
+of SSL_shutdown() and call it again until it returns 1 or a fatal error.
 
 The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
-
 If the underlying BIO is B, SSL_shutdown() will only return once the
 handshake step has been finished or an error occurred.
 
@@ 

[openssl-commits] [openssl] master update

2018-03-17 Thread Kurt Roeckx
The branch master has been updated
   via  311276ffe32ab0b161c364727cf8676591dbf47c (commit)
   via  eb238134e0a0fb5ac5c8239ade1dfe77a815aba5 (commit)
  from  a080c3e816e923680e57e647b5cbc3896e8e8106 (commit)


- Log -
commit 311276ffe32ab0b161c364727cf8676591dbf47c
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Feb 18 20:55:28 2018 +0100

Return error when trying to use prediction resistance

There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5402

commit eb238134e0a0fb5ac5c8239ade1dfe77a815aba5
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Feb 18 19:26:55 2018 +0100

Propagate the request for prediction resistance to the get entropy call

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5402

---

Summary of changes:
 crypto/err/openssl.txt |  2 ++
 crypto/include/internal/rand_int.h |  3 ++-
 crypto/rand/drbg_lib.c | 14 +-
 crypto/rand/rand_err.c |  2 ++
 crypto/rand/rand_lib.c | 18 +++---
 include/openssl/rand_drbg.h|  6 --
 include/openssl/randerr.h  |  1 +
 test/drbgtest.c| 20 +++-
 8 files changed, 46 insertions(+), 20 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 728013b..0052ddf 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2310,6 +2310,8 @@ RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg 
implementation selected
 RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled
 RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak
 RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long
+RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\
+   prediction resistance not supported
 RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded
 RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow
 RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg
diff --git a/crypto/include/internal/rand_int.h 
b/crypto/include/internal/rand_int.h
index d90d9c5..27ca703 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -34,7 +34,8 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
 /* DRBG entropy callbacks. */
 size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
  unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance);
 void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen);
 size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 02ad071..360ea7c 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -327,7 +327,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 drbg->state = DRBG_ERROR;
 if (drbg->get_entropy != NULL)
 entropylen = drbg->get_entropy(drbg, , drbg->strength,
-   drbg->min_entropylen, drbg->max_entropylen);
+   drbg->min_entropylen,
+   drbg->max_entropylen, 0);
 if (entropylen < drbg->min_entropylen
 || entropylen > drbg->max_entropylen) {
 RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
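Review bot: instantiation hardcodes prediction_resistance to 0 in the get_entropy call. That is fine as long as RAND_DRBG_instantiate() offers no way to request it, but a one-line comment saying that only the reseed path carries the flag would stop a reader from treating the literal 0 as an oversight.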
@@ -411,7 +412,8 @@ int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
  * Returns 1 on success, 0 on failure.
  */
 int RAND_DRBG_reseed(RAND_DRBG *drbg,
- const unsigned char *adin, size_t adinlen)
+ const unsigned char *adin, size_t adinlen,
+ int prediction_resistance)
 {
 unsigned char *entropy = NULL;
 size_t entropylen = 0;
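Review bot: this adds a parameter to the public RAND_DRBG_reseed() (the summary lists include/openssl/rand_drbg.h), which breaks every external caller at compile time; the summary shows no doc/ change, so the manual page entry for this function needs the new parameter and a sentence on what passing 1 requires (a live entropy source and callbacks that follow SP 800-90C, per the commit message).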
@@ -435,7 +437,9 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
 drbg->state = DRBG_ERROR;
 if (drbg->get_entropy != NULL)
 entropylen = drbg->get_entropy(drbg, , drbg->strength,
-   drbg->min_entropylen, drbg->max_entropylen);
+   drbg->min_entropylen,
+   drbg->max_entropylen,
+   prediction_resistance);
 if (entropylen < drbg->min_entropylen
 || entropylen > drbg->max_entropylen) {
 RANDerr(RAND_F_RAND_DRBG_RES

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2018-03-11 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  d777ca4900e0de94df5590f2957962cdd231c18c (commit)
  from  bb868bbc4605b1e4c8591a943dbba4cf3ca0a26c (commit)


- Log -
commit d777ca4900e0de94df5590f2957962cdd231c18c
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Mar 10 16:32:55 2018 +0100

Fix prototype to include the const qualifier

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #5582

---

Summary of changes:
 doc/crypto/EVP_EncryptInit.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 4cd24d7..4973f0a 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -38,38 +38,38 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
  void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
 
  int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
  int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl, const unsigned char *in, int inl);
  int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl);
 
  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
  int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl, const unsigned char *in, int inl);
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv, int 
enc);
  int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
+ int *outl, const unsigned char *in, int inl);
  int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl);
 
  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv, int enc);
+ const unsigned char *key, const unsigned char *iv, int enc);
  int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
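Review bot: the EVP_CipherUpdate line also gains const on the in parameter, which is a separate fix from the key/iv qualifiers named in the commit message; a mention in the message would help anyone checking the synopsis against evp.h know it is deliberate rather than a stray edit.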


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-03-11 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  283b12036f2a7dbda8c9fe1016653d38a7a1d4a8 (commit)
  from  d8bb766bdcd77ac43bb43424af698ae1050abb30 (commit)


- Log -
commit 283b12036f2a7dbda8c9fe1016653d38a7a1d4a8
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Mar 10 16:32:55 2018 +0100

Fix prototype to include the const qualifier

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #5582

---

Summary of changes:
 doc/crypto/EVP_EncryptInit.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index f842eea..cbb96a9 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -45,38 +45,38 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
 
  int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
  int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl, const unsigned char *in, int inl);
  int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl);
 
  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
  int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl, const unsigned char *in, int inl);
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv, int 
enc);
  int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
+ int *outl, const unsigned char *in, int inl);
  int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
  int *outl);
 
  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
  int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv, int enc);
+ const unsigned char *key, const unsigned char *iv, int enc);
  int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
  int *outl);
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] master update

2018-03-11 Thread Kurt Roeckx
The branch master has been updated
   via  b38fa9855f65477fb4a6ef943276be8237468e3b (commit)
  from  3266cf582a8e1b0bd04600658f64e2c9a79cf903 (commit)


- Log -
commit b38fa9855f65477fb4a6ef943276be8237468e3b
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Mar 10 16:32:55 2018 +0100

Fix prototype to include the const qualifier

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #5582

---

Summary of changes:
 doc/man3/EVP_EncryptInit.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 3022c7a..b1b51cb 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -59,33 +59,33 @@ EVP_enc_null
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
 
  int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-ENGINE *impl, unsigned char *key, unsigned char *iv);
+ENGINE *impl, const unsigned char *key, const unsigned 
char *iv);
  int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
  int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-ENGINE *impl, unsigned char *key, unsigned char *iv);
+ENGINE *impl, const unsigned char *key, const unsigned 
char *iv);
  int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
  int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-   ENGINE *impl, unsigned char *key, unsigned char *iv, 
int enc);
+   ENGINE *impl, const unsigned char *key, const unsigned 
char *iv, int enc);
  int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-  int *outl, unsigned char *in, int inl);
+  int *outl, const unsigned char *in, int inl);
  int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
  int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
  int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
  int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-unsigned char *key, unsigned char *iv, int enc);
+const unsigned char *key, const unsigned char *iv, int 
enc);
  int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
  int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
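Review bot: the synopsis is now const-correct for key and iv, but the output parameter naming in the same block stays inconsistent: EVP_EncryptFinal_ex and EVP_EncryptFinal take `unsigned char *out`, while EVP_DecryptFinal_ex, EVP_CipherFinal_ex, EVP_DecryptFinal and EVP_CipherFinal take `unsigned char *outm`. Since this commit is already touching every one of these prototypes, consider renaming `outm` to `out` so the documented signatures read uniformly.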


[openssl-commits] [openssl] master update

2018-03-06 Thread Kurt Roeckx
The branch master has been updated
   via  35503b7cdc38b21739df1163d6d24b00dd386bef (commit)
  from  3bc0ab06b0224fb72d08baa1843f3d36be361162 (commit)


- Log -
commit 35503b7cdc38b21739df1163d6d24b00dd386bef
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Mar 4 13:23:05 2018 +0100

Check the parent DRBG's strength

We currently don't support the algorithm from NIST SP 800-90C
10.1.2 to use a weaker DRBG as source

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5506

---

Summary of changes:
 crypto/err/openssl.txt|  2 ++
 crypto/rand/drbg_lib.c|  9 +
 crypto/rand/rand_err.c|  4 
 crypto/rand/rand_lib.c| 12 +++-
 include/openssl/randerr.h |  2 ++
 5 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 9a41ea8..3f1c735 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -907,6 +907,7 @@ RAND_F_GET_ENTROPY:106:get_entropy
 RAND_F_RAND_BYTES:100:RAND_bytes
 RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking
 RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate
+RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy
 RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate
 RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new
 RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed
@@ -2300,6 +2301,7 @@ RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
 RAND_R_NOT_INSTANTIATED:115:not instantiated
 RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected
 RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled
+RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak
 RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long
 RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded
 RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index c43f571..daac770 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -178,6 +178,15 @@ static RAND_DRBG *rand_drbg_new(int secure,
 if (RAND_DRBG_set(drbg, type, flags) == 0)
 goto err;
 
+if (parent != NULL && drbg->strength > parent->strength) {
+/*
+ * We currently don't support the algorithm from NIST SP 800-90C
+ * 10.1.2 to use a weaker DRBG as source
+ */
+RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+goto err;
+}
+
 if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy,
  rand_drbg_cleanup_entropy,
  NULL, NULL))
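Review bot: this creation-time check compares `drbg->strength`, which RAND_DRBG_set() has just established, against the parent, but the same condition is re-checked on every entropy request in rand_drbg_get_entropy() in this patch. If RAND_DRBG_set() can also be called on an already constructed instance, the runtime check is the one that actually enforces the constraint, so either document that this early check is only a fast-fail for the constructor or keep a single point of enforcement. Also confirm that the `goto err` path here releases whatever RAND_DRBG_set() allocated, since the failure now happens after that call.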
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index e92c33f..22467d8 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -23,6 +23,8 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
  "rand_drbg_enable_locking"},
 {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
  "RAND_DRBG_generate"},
+{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
+ "rand_drbg_get_entropy"},
 {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
  "RAND_DRBG_instantiate"},
 {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
@@ -86,6 +88,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = {
 "no drbg implementation selected"},
 {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
 "parent locking not enabled"},
+{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
+"parent strength too weak"},
 {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
 "personalisation string too long"},
 {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index b8b7b6e..d328935 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -176,8 +176,18 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
 {
 size_t ret = 0;
 size_t entropy_available = 0;
-RAND_POOL *pool = RAND_POOL_new(entropy, min_len, max_len);
+RAND_POOL *pool;
+
+if (drbg->parent && drbg->strength > drbg->parent->strength) {
+/*
+ * We currently don't support the algorithm from NIST SP 800-90C
+ * 10.1.2 to use a weaker DRBG as source
+ */
+RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+return 0;
+}
 
+pool = RAND_POOL_new(entropy, min_len, max_len);
 if (pool == NULL)
 return 0;
 
diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index 4cfc06d..81bda4b 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h
@@ -26,6 +26,7 @@ int ERR_load_RAN

[openssl-commits] [openssl] master update

2018-03-06 Thread Kurt Roeckx
The branch master has been updated
   via  3bc0ab06b0224fb72d08baa1843f3d36be361162 (commit)
  from  b524b808a1d1ba204dbdcbb42de4e3bddb3472ac (commit)


- Log -
commit 3bc0ab06b0224fb72d08baa1843f3d36be361162
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Mon Mar 5 00:29:21 2018 +0100

bnrand_range: Always call bnrand() with the correct flag

It was calling BN_rand() when it should have called BN_priv_rand()

Reviewed-by: Tim Hudson <t...@openssl.org>
GH: #5514

---

Summary of changes:
 crypto/bn/bn_rand.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 0be2160..743779f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -112,7 +112,7 @@ int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
 /* random number r:  0 <= r < range */
 static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range)
 {
-int b, n;
+int n;
 int count = 100;
 
 if (range->neg || BN_is_zero(range)) {
@@ -132,11 +132,9 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const 
BIGNUM *range)
  * than range
  */
 do {
-b = flag == NORMAL
-? BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)
-: BN_priv_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY);
-if (!b)
+if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
 return 0;
+
 /*
  * If r < 3*range, use r := r MOD range (which is either r, r -
  * range, or r - 2*range). Otherwise, iterate once more. Since
@@ -161,7 +159,7 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const 
BIGNUM *range)
 } else {
 do {
 /* range = 11..._2  or  range = 101..._2 */
-if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
 return 0;
 
 if (!--count) {
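Review bot: this is the hunk that fixes the actual bug: the `else` branch (range = 11..._2 or 101..._2) called BN_rand() unconditionally, so callers that passed the private flag drew from the public DRBG for those range shapes, while the 3*range branch above did honour `flag` via the BN_rand/BN_priv_rand ternary that the previous hunk removes. Routing both branches through bnrand(flag, ...) closes that gap; a regression test that instantiates the public and private DRBGs with distinct seeds and checks that the private variant's output for such a range differs from the public one's would keep it closed.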
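The rejection-sampling scheme that bnrand_range() implements is only visible through the diff context above, so here is the same algorithm written out in plain C as an added example; it is my own illustration, not code from OpenSSL or from this commit. The DRBG is replaced by a deterministic xorshift64* stand-in (an assumption, purely so the example runs offline and repeatably), and `rand_range()`, `uniformity_check()` and `num_bits()` are hypothetical names chosen for this example. It generalises the two cases the diff shows (range = 100..._2 versus 11..._2 or 101..._2) to any 64-bit range, so the bias-avoidance reasoning can be exercised directly.

```c
/* Added example: uniform random integer in [0, range) using the same
 * rejection-sampling rules as OpenSSL's bnrand_range(), on 64-bit words.
 * Illustrative code only; not OpenSSL's implementation. */
#include <stdint.h>
#include <stddef.h>

/* Stand-in for the DRBG: xorshift64*, seeded with a fixed constant.
 * Assumed for reproducibility; NOT a cryptographic generator. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ull;

static uint64_t prng_next(void)
{
    uint64_t x = prng_state;

    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    prng_state = x;
    return x * 0x2545F4914F6CDD1Dull;
}

/* Number of significant bits in v (v != 0), like BN_num_bits(). */
int num_bits(uint64_t v)
{
    int n = 0;

    while (v != 0) {
        n++;
        v >>= 1;
    }
    return n;
}

/* 1 if bit i of v is set; negative i reads as unset, as BN_is_bit_set() does. */
static int bit_set(uint64_t v, int i)
{
    return i >= 0 && ((v >> i) & 1) != 0;
}

/* Uniform n-bit value taken from the top of the generator's output word. */
static uint64_t rand_bits(int n)
{
    return prng_next() >> (64 - n);
}

/* Uniform r in [0, range). Returns 1 on success, 0 on bad input or if 100
 * draws were all rejected (the BN_R_TOO_MANY_ITERATIONS case). */
int rand_range(uint64_t range, uint64_t *out)
{
    int n, count = 100;
    uint64_t r;

    /* keep 3*range and the n+1-bit draw inside 64 bits */
    if (range == 0 || range > UINT64_MAX / 4)
        return 0;
    n = num_bits(range);
    if (n == 1) {
        *out = 0;
        return 1;
    }
    if (!bit_set(range, n - 2) && !bit_set(range, n - 3)) {
        /* range = 100..._2, so 3*range = 11..._2 is exactly one bit longer.
         * Draw n+1 bits; r < 3*range is accepted with probability >= 3/4 and
         * r mod range is then unbiased because r is uniform on [0, 3*range). */
        do {
            r = rand_bits(n + 1);
            if (r < 3 * range) {
                *out = r % range;
                return 1;
            }
        } while (--count);
    } else {
        /* range = 11..._2 or 101..._2: draw n bits, accept r < range,
         * which happens with probability > 1/2. */
        do {
            r = rand_bits(n);
            if (r < range) {
                *out = r;
                return 1;
            }
        } while (--count);
    }
    return 0;
}

/* Draw `samples` values for a small range and check that no output is out
 * of range and every residue lands within 25% of samples/range.
 * Returns 1 on pass, 0 otherwise. */
int uniformity_check(uint64_t range, int samples)
{
    int counts[16] = {0};
    int i;
    uint64_t r;
    double expect;

    if (range == 0 || range > 16)
        return 0;
    for (i = 0; i < samples; i++) {
        if (!rand_range(range, &r) || r >= range)
            return 0;
        counts[r]++;
    }
    expect = (double)samples / (double)range;
    for (i = 0; i < (int)range; i++)
        if (counts[i] < 0.75 * expect || counts[i] > 1.25 * expect)
            return 0;
    return 1;
}

int zero_range_rejected(void)
{
    uint64_t r;

    return rand_range(0, &r) == 0;
}
```

Ranges 3 and 5 exercise the n-bit branch and range 4 the 3*range branch, which is the distinction that mattered in the bug above: with the fix, whichever branch is taken, the draw goes through the generator the caller's flag selects.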


[openssl-commits] [openssl] master update

2018-02-28 Thread Kurt Roeckx
The branch master has been updated
   via  d91f45688c2d0bfcc5b3b57fb20cc80b010eef0b (commit)
  from  b3f9064cc66324d2359dba5350c71540ce869ceb (commit)


- Log -
commit d91f45688c2d0bfcc5b3b57fb20cc80b010eef0b
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Nov 5 14:37:15 2017 +0100

Tell the ciphers which DRBG to use for generating random bytes.

Reviewed-by: Richard Levitte <levi...@openssl.org>
GH: #4672

---

Summary of changes:
 crypto/evp/e_aes.c | 22 +-
 crypto/evp/e_aes_cbc_hmac_sha1.c   | 15 ---
 crypto/evp/e_aes_cbc_hmac_sha256.c | 15 ---
 crypto/evp/e_aria.c| 12 +---
 crypto/evp/e_des.c |  8 +++-
 crypto/evp/e_des3.c| 13 +++--
 crypto/evp/evp_enc.c   | 16 +++-
 crypto/evp/evp_locl.h  |  1 +
 crypto/evp/p_seal.c| 13 ++---
 doc/man3/EVP_EncryptInit.pod   | 14 ++
 include/openssl/evp.h  |  2 ++
 ssl/s3_enc.c   |  1 +
 ssl/statem/statem_srvr.c   |  1 +
 ssl/t1_enc.c   |  1 +
 ssl/tls13_enc.c|  1 +
 15 files changed, 114 insertions(+), 21 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1d5007a..bed9b27 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -17,6 +17,7 @@
 #include "internal/evp_int.h"
 #include "modes_lcl.h"
 #include 
+#include 
 #include "evp_locl.h"
 
 typedef struct {
@@ -1404,8 +1405,14 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int 
type, int arg, void *ptr)
 memcpy(gctx->iv, ptr, arg);
 
 enc = EVP_CIPHER_CTX_encrypting(c);
-if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
-return 0;
+if (enc) {
+if (c->drbg != NULL) {
+if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - 
arg) == 0)
+return 0;
+} else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+return 0;
+}
+}
 
 gctx->iv_gen = 1;
 return 1;
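Review bot: the `if (c->drbg != NULL) RAND_DRBG_bytes(...) else RAND_bytes(...)` pattern, with its two different failure conventions (`== 0` for RAND_DRBG_bytes versus `<= 0` for RAND_bytes), is repeated verbatim in aes_gcm_ctrl() below and again in e_aes_cbc_hmac_sha1.c in this same patch. A single internal helper that takes the EVP_CIPHER_CTX and picks the generator would give every cipher identical behaviour and keep any future change to the fallback in one place.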
@@ -2632,9 +2639,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
 return 0;
 if (arg)
 memcpy(gctx->iv, ptr, arg);
-if (EVP_CIPHER_CTX_encrypting(c)
-&& RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
-return 0;
+if (EVP_CIPHER_CTX_encrypting(c)) {
+if (c->drbg != NULL) {
+if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - 
arg) == 0)
+return 0;
+} else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+return 0;
+}
+}
 gctx->iv_gen = 1;
 return 1;
 
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 09d24dc..053189e 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,9 +17,11 @@
 #include 
 #include 
 #include 
+#include 
 #include "modes_lcl.h"
 #include "internal/evp_int.h"
 #include "internal/constant_time_locl.h"
+#include "evp_locl.h"
 
 typedef struct {
 AES_KEY ks;
@@ -154,7 +156,8 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
 static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
  unsigned char *out,
  const unsigned char *inp,
- size_t inp_len, int n4x)
+ size_t inp_len, int n4x,
+ RAND_DRBG *drbg)
 {   /* n4x is 1 or 2 */
 HASH_DESC hash_d[8], edges[8];
 CIPH_DESC ciph_d[8];
@@ -174,8 +177,13 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 
*key,
 #  endif
 
 /* ask for IVs in bulk */
-if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+IVs = blocks[0].c;
+if (drbg != NULL) {
+if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
+return 0;
+} else if (RAND_bytes(IVs, 16 * x4) <= 0) {
 return 0;
+}
 
 ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
 
@@ -893,7 +901,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, 
int type, int arg,
 
 return (int)tls1_1_multi_block_encrypt(key, param->out,
param->inp, param->len,
-   param->interleave / 4);
+ 

[openssl-commits] [openssl] master update

2018-02-21 Thread Kurt Roeckx
The branch master has been updated
   via  32bda2b2e4900308cb025020d8c8692e1d3c2ba9 (commit)
  from  649cfb5cbb78e3c4c91ceb65fad2a4daad6047dd (commit)


- Log -
commit 32bda2b2e4900308cb025020d8c8692e1d3c2ba9
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Feb 18 19:16:13 2018 +0100

Switch the DRBGs from AES-128-CTR to AES-256-CTR

Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
GH: #5401

---

Summary of changes:
 include/internal/rand.h | 18 +-
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/internal/rand.h b/include/internal/rand.h
index d56742e..471b6b5 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -15,14 +15,22 @@
 
 /*
  * Default security strength (in the sense of [NIST SP 800-90Ar1])
- * of the default OpenSSL DRBG, and the corresponding NID.
  *
- * Currently supported values: 128, 192, 256
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implemantion does
+ * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
+ * to that of the cipher.
  *
- * TODO(DRBG): would be nice to have the strength configurable
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ *
+ * TODO(DRBG): would be nice to have the NID and strength configurable
  */
-# define RAND_DRBG_STRENGTH 128
-# define RAND_DRBG_NID  NID_aes_128_ctr
+# define RAND_DRBG_STRENGTH 256
+# define RAND_DRBG_NID  NID_aes_256_ctr
 
 /*
  * Object lifetime functions.
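Review bot: typo in the added comment, `implemantion` should be `implementation`. More importantly, the same comment states that the DRBG's strength is set to that of the cipher, so switching RAND_DRBG_NID to NID_aes_256_ctr raises the instantiated strength to 256 bits and with it the amount of entropy each (re)seed has to collect; that consequence belongs in the commit message or CHANGES rather than only in a header comment, since it affects seeding on entropy-constrained platforms.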


[openssl-commits] [openssl] master update

2018-02-21 Thread Kurt Roeckx
The branch master has been updated
   via  60595292ae83b112a1854a59379a51f210c04b6c (commit)
  from  32bda2b2e4900308cb025020d8c8692e1d3c2ba9 (commit)


- Log -
commit 60595292ae83b112a1854a59379a51f210c04b6c
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Feb 18 18:39:19 2018 +0100

Check return value of time() when getting additional data for the DRBG

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
GH: #5400

---

Summary of changes:
 crypto/rand/rand_lib.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7b8b8fc..b8b7b6e 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -229,9 +229,11 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
 }
 
 /*
- * Find a suitable system time.  Start with the highest resolution source
+ * Find a suitable source of time.  Start with the highest resolution source
  * and work down to the slower ones.  This is added as additional data and
  * isn't counted as randomness, so any result is acceptable.
+ *
+ * Returns 0 when we weren't able to find any time source
  */
 static uint64_t get_timer_bits(void)
 {
@@ -260,7 +262,7 @@ static uint64_t get_timer_bits(void)
 }
 #else
 
-#if defined(OSSL_POSIX_TIMER_OKAY)
+# if defined(OSSL_POSIX_TIMER_OKAY)
 {
 struct timespec ts;
 clockid_t cid;
@@ -286,7 +288,12 @@ static uint64_t get_timer_bits(void)
 return TWO32TO64(tv.tv_sec, tv.tv_usec);
 }
 # endif
-return time(NULL);
+{
+time_t t = time(NULL);
+if (t == (time_t)-1)
+return 0;
+return t;
+}
 #endif
 }
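Review bot: the check itself is right, but OpenSSL style asks for a blank line after the declaration `time_t t = time(NULL);` before the `if`. Also note that returning 0 for "no time source" is indistinguishable from a genuine clock reading of 0; that is acceptable only because the caller treats the value as additional data rather than entropy, which the updated comment now says, so keep that comment in sync if this value is ever counted towards the entropy estimate.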
 
@@ -329,7 +336,8 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, 
size_t max_len)
 RAND_POOL_add(pool, (unsigned char *)_id, sizeof(thread_id), 0);
 
 tbits = get_timer_bits();
-RAND_POOL_add(pool, (unsigned char *), sizeof(tbits), 0);
+if (tbits != 0)
+RAND_POOL_add(pool, (unsigned char *), sizeof(tbits), 0);
 
 /* TODO: Use RDSEED? */
 


[openssl-commits] [openssl] master update

2018-02-13 Thread Kurt Roeckx
The branch master has been updated
   via  72960279562e9af53264155a46b4a0b6a40f9590 (commit)
  from  f11a023adaae8ba037f952fd72dfbcc34733c993 (commit)


- Log -
commit 72960279562e9af53264155a46b4a0b6a40f9590
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Feb 10 00:30:29 2018 +0100

Use both getrandom() and /dev/urandom by default on Linux.

getrandom() is now used on Linux by default when using Linux >= 3.17
and glibc >= 2.25

Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #5314

---

Summary of changes:
 crypto/rand/rand_unix.c | 18 +++---
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5a59cb..bfd7ef0 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -14,10 +14,6 @@
 #include "rand_lcl.h"
 #include 
 
-#ifdef OPENSSL_RAND_SEED_GETRANDOM
-# include 
-#endif
-
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
 !defined(OPENSSL_RAND_SEED_NONE)
 # error "UEFI and VXWorks only support seeding NONE"
@@ -123,11 +119,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_OS)
-#   if defined(DEVRANDOM)
-#define OPENSSL_RAND_SEED_DEVRANDOM
-#   else
+#   if !defined(DEVRANDOM)
 #error "OS seeding requires DEVRANDOM to be configured"
 #   endif
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#   if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#if __GLIBC_PREREQ(2, 25)
+# define OPENSSL_RAND_SEED_GETRANDOM
+#endif
+#   endif
+#  endif
+
+#  ifdef OPENSSL_RAND_SEED_GETRANDOM
+#   include 
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
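Review bot: the OPENSSL_RAND_SEED_GETRANDOM selection is purely a compile-time glibc >= 2.25 test, while the commit message also requires Linux >= 3.17; a binary built against a new glibc but run on an older kernel will have getrandom() fail with ENOSYS at runtime. This hunk does not show the acquire path, so please confirm that the getrandom() caller falls through to the DEVRANDOM source (now defined unconditionally just above) on ENOSYS rather than treating it as a hard failure. Moving the `#error` ahead of the define and relocating the include below the selection logic both look fine.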
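The commit above enables getrandom() at compile time based on the glibc version, but the kernel requirement (Linux >= 3.17) can only be discovered at runtime. As an added example, and not code from OpenSSL or from this commit, here is the fallback shape a seed source needs: try the getrandom syscall first and drop to /dev/urandom when the kernel reports ENOSYS (or on any other failure). The function names `seed_bytes()`, `read_dev_urandom()` and `seed_self_check()` are hypothetical; the syscall is invoked through syscall(2) so the example also builds where <sys/random.h> is unavailable, and on non-Linux systems only the /dev/urandom path is compiled.

```c
/* Added example: seed bytes from getrandom(2) with a /dev/urandom fallback.
 * Illustrative code, not OpenSSL's rand_unix.c. */
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

#ifdef __linux__
# include <sys/syscall.h>
# ifdef SYS_getrandom
#  define HAVE_SYSCALL_GETRANDOM 1
/* Declared here so the example builds under strict -std= modes too. */
extern long syscall(long number, ...);
# endif
#endif

/* Read exactly `len` bytes from /dev/urandom, retrying on EINTR and short
 * reads. Returns len on success, 0 on failure. */
size_t read_dev_urandom(unsigned char *buf, size_t len)
{
    int fd;
    size_t got = 0;

    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);

        if (n < 0) {
            if (errno == EINTR)
                continue;
            break;
        }
        if (n == 0)
            break;
        got += (size_t)n;
    }
    close(fd);
    return got == len ? len : 0;
}

/* Try getrandom(2) first; on ENOSYS (kernel < 3.17) or any other failure
 * fall back to /dev/urandom. *used_getrandom reports which source supplied
 * the bytes (diagnostic only). Returns len on success, 0 on failure. */
size_t seed_bytes(unsigned char *buf, size_t len, int *used_getrandom)
{
    size_t got = 0;

    *used_getrandom = 0;
#ifdef HAVE_SYSCALL_GETRANDOM
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, 0);

        if (n < 0) {
            if (errno == EINTR)
                continue;
            /* ENOSYS here means: new headers at build time, old kernel now. */
            break;
        }
        got += (size_t)n;
    }
    if (got == len) {
        *used_getrandom = 1;
        return len;
    }
#endif
    return read_dev_urandom(buf, len);
}

/* 1 if at least one byte of the buffer is non-zero. */
int buffer_is_nonzero(const unsigned char *buf, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

/* Self-check: 32 seed bytes were obtained and are not all zero. */
int seed_self_check(void)
{
    unsigned char seed[32];
    int via_getrandom;
    size_t n = seed_bytes(seed, sizeof(seed), &via_getrandom);

    return n == sizeof(seed) && buffer_is_nonzero(seed, n)
           && (via_getrandom == 0 || via_getrandom == 1);
}

int main(void)
{
    unsigned char seed[32];
    int via_getrandom;

    if (seed_bytes(seed, sizeof(seed), &via_getrandom) != sizeof(seed)) {
        fprintf(stderr, "no entropy source available\n");
        return 1;
    }
    printf("got %zu seed bytes via %s\n", sizeof(seed),
           via_getrandom ? "getrandom()" : "/dev/urandom");
    return 0;
}
```

Flags of 0 mean getrandom() may block until the kernel pool is initialised, which is the behaviour a seed source wants at startup; a reader who needs non-blocking semantics has to add GRND_NONBLOCK and handle EAGAIN in the same loop.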


[openssl-commits] [web] master update

2017-12-26 Thread Kurt Roeckx
The branch master has been updated
   via  c03cae415e39443604cce5bc9172110a8eb693d8 (commit)
  from  9d876466604fb3489594d4819dc0c8c4b530b9b4 (commit)


- Log -
commit c03cae415e39443604cce5bc9172110a8eb693d8
Author: Jörn Heissler <joernheiss...@users.noreply.github.com>
Date:   Tue Dec 26 11:36:48 2017 +0100

Fix duplicate words in codingstyle.txt

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Tim Hudson <t...@cryptsoft.com>
GH: #33

---

Summary of changes:
 policies/codingstyle.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policies/codingstyle.txt b/policies/codingstyle.txt
index 9be0b7d..db21c44 100644
--- a/policies/codingstyle.txt
+++ b/policies/codingstyle.txt
@@ -167,7 +167,7 @@ This example is wrong:
 
 s = sizeof( struct file );
 
-When declaring pointer data or a function that returns a pointer type, the
+When declaring pointer data or a function that returns a pointer type,
 the asterisk goes next to the data or function name, and not the type:
 
 char *openssl_banner;
@@ -255,7 +255,7 @@ Windows headers use X509 and X590_NAME. Consider using a 
prefix, as with
 CMS_ContentInfo, if the name is common or generic. Of course, you often
 don't find out until the code is ported to other platforms.
 
-A final word on struct's. OpenSSL has has historically made all struct
+A final word on struct's. OpenSSL has historically made all struct
 definitions public; this has caused problems with maintaining binary
 compatibility and adding features. Our stated direction is to have struct's
 be opaque and only expose pointers in the API. The actual struct definition


[openssl-commits] [openssl] master update

2017-12-25 Thread Kurt Roeckx
The branch master has been updated
   via  b12169eeafcd7660dce76cc290e379040a638fde (commit)
  from  4dfe4310c31c4483705991d9a798ce9be1ed1c68 (commit)


- Log -
commit b12169eeafcd7660dce76cc290e379040a638fde
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Dec 23 23:32:11 2017 +0100

Fix comment about undefined behavior of constant_time_msb

This comment was correct for the original commit introducing this
function (5a3d21c0585064292bde5cd34089e120487ab687), but was fixed
in commit d2fa182988afa33d9e950358de406cc9fb36d000 (and
67b8bcee95f225a07216700786b538bb98d63cfe)

Reviewed-by: Ben Kaduk <ka...@mit.edu>
GH: #4975

---

Summary of changes:
 include/internal/constant_time_locl.h | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/internal/constant_time_locl.h 
b/include/internal/constant_time_locl.h
index 8b714fb..c60e59c 100644
--- a/include/internal/constant_time_locl.h
+++ b/include/internal/constant_time_locl.h
@@ -31,12 +31,7 @@ extern "C" {
  *  c = constant_time_select(lt, a, b);
  */
 
-/*
- * Returns the given value with the MSB copied to all the other
- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to
- * replace this with something else on odd CPUs.
- */
+/* Returns the given value with the MSB copied to all the other bits. */
 static ossl_inline unsigned int constant_time_msb(unsigned int a);
 /* Convenience method for uint64_t. */
 static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
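Review bot: removing the stale warning is correct per the referenced commits, but the one-line replacement no longer tells the reader why the concern went away. A short remark that the implementation no longer relies on an implementation-defined arithmetic right shift (pointing at d2fa182988 and 67b8bcee95, as the commit message does) would stop the next person from re-adding the caveat.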
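The commit above only touches a comment, so the property it describes (copying the MSB into every bit without depending on arithmetic right shift) is not shown on the page. As an added example, not code from OpenSSL's constant_time_locl.h, here is one way to build that primitive on a fixed-width unsigned type, together with the less-than, is-zero and select helpers that the diff context mentions and a constant-time buffer comparison as the practical use. The names `ct_msb`, `ct_lt`, `ct_is_zero`, `ct_select`, `ct_min` and `ct_memeq` are chosen for this example only.

```c
/* Added example: constant-time helpers on uint32_t. Illustrative code, not
 * OpenSSL's constant_time_* implementation. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Copy the MSB of a into every bit. On an unsigned type the shift is
 * logical, so (a >> 31) is exactly 0 or 1, and 0 - 1 wraps to all ones by
 * the rules of unsigned arithmetic; no sign extension is relied upon. */
uint32_t ct_msb(uint32_t a)
{
    return 0u - (a >> (sizeof(a) * CHAR_BIT - 1));
}

/* All ones if a < b, else 0, without a data-dependent branch. The inner
 * expression has its MSB set exactly when the subtraction a - b borrows. */
uint32_t ct_lt(uint32_t a, uint32_t b)
{
    return ct_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
}

/* All ones if a == 0, else 0: a - 1 has its MSB set only when a was 0 or had
 * its MSB clear and wrapped, and ~a masks out the second case. */
uint32_t ct_is_zero(uint32_t a)
{
    return ct_msb(~a & (a - 1));
}

/* mask must be all ones or all zeros: returns a for all ones, b otherwise. */
uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b)
{
    return (mask & a) | (~mask & b);
}

uint32_t ct_min(uint32_t a, uint32_t b)
{
    return ct_select(ct_lt(a, b), a, b);
}

/* 1 if the two buffers are equal, 0 otherwise. Every byte is always
 * touched, so the running time does not reveal the first differing index
 * (the property a MAC or password-hash comparison needs). */
int ct_memeq(const unsigned char *a, const unsigned char *b, size_t len)
{
    uint32_t acc = 0;
    size_t i;

    for (i = 0; i < len; i++)
        acc |= (uint32_t)(a[i] ^ b[i]);
    return (int)(ct_is_zero(acc) & 1u);
}
```

The shape of `ct_lt` and `ct_is_zero` is the classic bit-trick formulation; what matters for the comment in the commit is only `ct_msb`, which is built from a logical shift and an unsigned subtraction and therefore has no implementation-defined step for a compiler to treat differently on an unusual CPU.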


[openssl-commits] [openssl] master update

2017-12-17 Thread Kurt Roeckx
The branch master has been updated
   via  56d362881eb9173d74f89aa8c4c4b42bc3397a17 (commit)
  from  b4ff66223b53ad9d2f5b4efd75bf8d52cc59c8dd (commit)


- Log -
commit 56d362881eb9173d74f89aa8c4c4b42bc3397a17
Author: Paul Yang <yang.y...@baishancloud.com>
Date:   Fri Dec 15 15:01:20 2017 +0800

Remove spaces at end of line in ssl/statem

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Matt Caswell <m...@openssl.org>
GH: #4934

---

Summary of changes:
 ssl/statem/extensions.c  | 2 +-
 ssl/statem/extensions_clnt.c | 2 +-
 ssl/statem/extensions_srvr.c | 2 +-
 ssl/statem/statem_srvr.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 28f7ada..505337a 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1047,7 +1047,7 @@ static int final_alpn(SSL *s, unsigned int context, int 
sent)
  * we also have to do this before we decide whether to accept early_data.
  * In TLSv1.3 we've already negotiated our cipher so we do this call now.
  * For < TLSv1.3 we defer it until after cipher negotiation.
- * 
+ *
  * On failure SSLfatal() already called.
  */
 return tls_handle_alpn(s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 2b39459..dbb8812 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1202,7 +1202,7 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, 
unsigned int context,
 unsigned int value;
 
 if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, )) {
-SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 
+SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
  SSL_R_BAD_EXTENSION);
 return 0;
 }
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index d34a7c5..30cbf9e 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1081,7 +1081,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, 
WPACKET *pkt,
  */
 if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
/* SSLfatal() already called */
-   return EXT_RETURN_FAIL; 
+   return EXT_RETURN_FAIL;
 }
 if (!WPACKET_close(pkt)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 249ee40..f24f05f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -654,7 +654,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE 
wst)
  * Actually this is the end of the handshake, but we're going
  * straight into writing the session ticket out. So we finish off
  * the handshake, but keep the various buffers active.
- * 
+ *
  * Calls SSLfatal as required.
  */
 return tls_finish_handshake(s, wst, 0);


[openssl-commits] [openssl] master update

2017-11-25 Thread Kurt Roeckx
The branch master has been updated
   via  d807db26a403b4de69d7846656362e70f5083428 (commit)
  from  92793648945affdfe529fa711666d19528815789 (commit)


- Log -
commit d807db26a403b4de69d7846656362e70f5083428
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Nov 19 17:40:56 2017 +0100

Create a prototype for OPENSSL_rdtsc

Switch to make it return a uint32_t instead of the various different
types it returns now.

Fixes: #3125

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4757

---

Summary of changes:
 crypto/armcap.c   | 7 ---
 crypto/sparcv9cap.c   | 3 ++-
 include/internal/cryptlib.h   | 4 
 test/modes_internal_test.c| 3 ++-
 test/poly1305_internal_test.c | 4 ++--
 test/siphash_internal_test.c  | 4 ++--
 6 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/crypto/armcap.c b/crypto/armcap.c
index b55a71e..a1f77fa 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -13,6 +13,7 @@
 #include 
 #include 
 #include 
+#include "internal/cryptlib.h"
 
 #include "arm_arch.h"
 
@@ -23,7 +24,7 @@ void OPENSSL_cpuid_setup(void)
 {
 }
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
 return 0;
 }
@@ -45,9 +46,9 @@ void _armv8_aes_probe(void);
 void _armv8_sha1_probe(void);
 void _armv8_sha256_probe(void);
 void _armv8_pmull_probe(void);
-unsigned long _armv7_tick(void);
+uint32_t _armv7_tick(void);
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
 if (OPENSSL_armcap_P & ARMV7_TICK)
 return _armv7_tick();
diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
index 61d0334..c8c5675 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -15,6 +15,7 @@
 #include 
 #include 
 #include 
+#include "internal/cryptlib.h"
 
 #include "sparc_arch.h"
 
@@ -98,7 +99,7 @@ unsigned long _sparcv9_random(void);
 size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
 size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
 
-unsigned long OPENSSL_rdtsc(void)
+uint32_t OPENSSL_rdtsc(void)
 {
 if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
 #if defined(__sun) && defined(__SVR4)
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 4280185..25ccdb1 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -94,6 +94,10 @@ FILE *openssl_fopen(const char *filename, const char *mode);
 void *openssl_fopen(const char *filename, const char *mode);
 # endif
 
+#ifdef OPENSSL_CPUID_OBJ
+uint32_t OPENSSL_rdtsc();
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
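Review bot: `uint32_t OPENSSL_rdtsc();` is an old-style declaration with an unspecified parameter list, not a prototype; declare it as `uint32_t OPENSSL_rdtsc(void);` so it matches the definitions in armcap.c and sparcv9cap.c in this patch and so the compiler can reject a call that passes arguments. This header now also names uint32_t, so check that a header providing it is included before this point rather than relying on the includer.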
diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c
index f3e46fe..6b02fd0 100644
--- a/test/modes_internal_test.c
+++ b/test/modes_internal_test.c
@@ -17,6 +17,7 @@
 #include "../crypto/modes/modes_lcl.h"
 #include "testutil.h"
 #include "internal/nelem.h"
+#include "internal/cryptlib.h"
 
 typedef struct {
 size_t size;
@@ -889,7 +890,7 @@ static void benchmark_gcm128(const unsigned char *K, size_t 
Klen,
 #ifdef OPENSSL_CPUID_OBJ
 GCM128_CONTEXT ctx;
 AES_KEY key;
-size_t start, gcm_t, ctr_t, OPENSSL_rdtsc();
+uint32_t start, gcm_t, ctr_t;
 union {
 u64 u;
 u8 c[1024];
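Review bot: narrowing the benchmark counters from size_t (here) and unsigned long long (in the poly1305 and siphash tests) to uint32_t means differences such as `gcm_t - start` wrap after 2^32 cycles, which at GHz clock rates is on the order of a second. That is fine for these short loops, but it is a limit the old 64-bit declarations did not have, so a one-line comment next to the declarations would save a future benchmark author from chasing a wrapped result.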
diff --git a/test/poly1305_internal_test.c b/test/poly1305_internal_test.c
index d1d71c9..3631f34 100644
--- a/test/poly1305_internal_test.c
+++ b/test/poly1305_internal_test.c
@@ -16,6 +16,7 @@
 #include "internal/poly1305.h"
 #include "../crypto/poly1305/poly1305_local.h"
 #include "internal/nelem.h"
+#include "internal/cryptlib.h"
 
 typedef struct {
 size_t size;
@@ -40,8 +41,7 @@ static void benchmark_poly1305()
 POLY1305 poly1305;
 unsigned char key[32];
 unsigned char buf[8192];
-unsigned long long stopwatch;
-unsigned long long OPENSSL_rdtsc();
+uint32_t stopwatch;
 unsigned int i;
 
 memset (buf,0x55,sizeof(buf));
diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
index d832aab..fe20762 100644
--- a/test/siphash_internal_test.c
+++ b/test/siphash_internal_test.c
@@ -17,6 +17,7 @@
 #include "internal/siphash.h"
 #include "../crypto/siphash/siphash_local.h"
 #include "internal/nelem.h"
+#include "internal/cryptlib.h"
 
 static BIO* b_stderr = NULL;
 static BIO* b_stdout = NULL;
@@ -43,8 +44,7 @@ static int benchmark_siphash(void)
 SIPHASH siphash;
 unsigned char key[SIPHASH_KEY_SIZE];
 unsigned char buf[8192];
-unsigned long long stopwatch;
-unsigned long long OPENSSL_rdtsc();
+uint32_t stopwatch;
 unsigned int i;
 
 memset (buf,0x55,sizeof(buf));


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-11-03 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  98fe34c30fe1fb7be3023e4c1458da73f8e55da9 (commit)
  from  95aec441c0a8d4caa4590f9ba2827a131134e8d1 (commit)


- Log -
commit 98fe34c30fe1fb7be3023e4c1458da73f8e55da9
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Thu Nov 2 18:53:16 2017 +0100

Fix no-ssl3-method build

Reviewed-by: Rich Salz <rs...@openssl.org>
GH: #4649

---

Summary of changes:
 ssl/s23_clnt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 92f41dd..05b892b 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -757,10 +757,12 @@ static int ssl23_get_server_hello(SSL *s)
 s->version = TLS1_VERSION;
 s->method = TLSv1_client_method();
 break;
+#ifndef OPENSSL_NO_SSL3_METHOD
 case SSL3_VERSION:
 s->version = SSL3_VERSION;
 s->method = SSLv3_client_method();
 break;
+#endif
 }
 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);


[openssl-commits] [web] master update

2017-11-02 Thread Kurt Roeckx
The branch master has been updated
   via  5de38e975e062f4c93bc6b6f49a4bd831b927ecf (commit)
  from  ca5d922f412dadca207e610fd35716ff6bff0279 (commit)


- Log -
commit 5de38e975e062f4c93bc6b6f49a4bd831b927ecf
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Thu Aug 17 22:06:28 2017 +0200

Fix duplicate line

---

Summary of changes:
 news/vulnerabilities.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 5812fb7..0880fbc 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -278,7 +278,6 @@
   unlikely. Namely multiple clients have to choose the curve in question 
and
   the server has to share the private key among them, neither of which is
   default behaviour. Even then only clients that chose the curve will be
-  affected.ctures using a callback which do not handle NULL value are
   affected.
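Review bot: the removed line was not only a duplicate of the "affected." that follows it, it also carried a fragment of a different sentence ("ctures using a callback which do not handle NULL value are"); since news/vulnerabilities.xml feeds the published advisories, check that the entry that fragment belonged to is still complete elsewhere in the file.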
 
 


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-10-30 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  5a3d24ad5af3a2fee1d5381bda5329c07b6328d8 (commit)
  from  257a03ccb5f395a23bbf63b6fcdd024081b114c7 (commit)


- Log -
commit 5a3d24ad5af3a2fee1d5381bda5329c07b6328d8
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Oct 29 15:13:43 2017 +0100

Only reset the ctx when a cipher is given

This restores the 1.0.2 behaviour

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Benjamin Kaduk <bka...@akamai.com>
GH: #4613
(cherry picked from commit ffd23209933ea0ad5543f15ca6303d63d8dac826)

---

Summary of changes:
 crypto/evp/evp_enc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index f829e8d..5ea14cd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -50,7 +50,8 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
 {
-EVP_CIPHER_CTX_reset(ctx);
+if (cipher != NULL)
+EVP_CIPHER_CTX_reset(ctx);
 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
 }
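Review bot: this changes the observable behaviour of a public function on a stable branch (EVP_CipherInit() with cipher == NULL no longer clears a previously configured context); since the commit message frames it as restoring the 1.0.2 behaviour, it deserves a CHANGES entry for the 1.1.0 series, and the summary shows only crypto/evp/evp_enc.c touched.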
 


[openssl-commits] [openssl] master update

2017-10-30 Thread Kurt Roeckx
The branch master has been updated
   via  ffd23209933ea0ad5543f15ca6303d63d8dac826 (commit)
  from  79204b9cd7bbaaf524de9bc83d96e2d320d7538c (commit)


- Log -
commit ffd23209933ea0ad5543f15ca6303d63d8dac826
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Oct 29 15:13:43 2017 +0100

Only reset the ctx when a cipher is given

This restores the 1.0.2 behaviour

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Benjamin Kaduk <bka...@akamai.com>
GH: #4613

---

Summary of changes:
 crypto/evp/evp_enc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index d353084..f89cff6 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -50,7 +50,8 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
 {
-EVP_CIPHER_CTX_reset(ctx);
+if (cipher != NULL)
+EVP_CIPHER_CTX_reset(ctx);
 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
 }
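Review bot: the NULL-cipher path now keeps whatever the context already holds and hands it to EVP_CipherInit_ex(), which is the documented way to reuse a cipher with new key material; the EVP_CipherInit man page should say explicitly that a NULL cipher reuses the previously set cipher instead of resetting the context, and no documentation file is in the summary of changes.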
 


[openssl-commits] [web] master update

2017-10-08 Thread Kurt Roeckx
The branch master has been updated
   via  f702c7e905b76f483e0baba75ace35f41ab05d37 (commit)
  from  e6f0542f1cb403d5e7a42aeeba2d74ce87d1c031 (commit)


- Log -
commit f702c7e905b76f483e0baba75ace35f41ab05d37
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Oct 8 12:00:26 2017 +0200

Also update the expiration date of the encryption key

---

Summary of changes:
 news/openssl-security.asc | 27 ++-
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 17a55af..217cbe7 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -62,17 +62,18 @@ 
H4ps4mMe0HCSGoBvdpr1Jrn9jxH870ouomiKjIWk2iauasTkdKuN9CmpEJLTT1+d
 x35Vi+2Hpwz2MNaxMkBcRqo2gWNV/Dbbs2dD+HGoYLARXPB4GLtrt2LHecJr0k7D
 l5XfELJ7NSiFDqc4FsOegCencUt5SuEElBcI822VvR9IyePXgTAGgPoQo7/HP+AR
 bmavRr7Gn5+NuS8dVf9zxSZT7ueVfu6lo3jpEszXLTJZgqj0FXrW2f6RywCTuSFD
-t0qE7OZJemwEcwARAQABiQIlBBgBCgAPAhsMBQJX8mOWBQkFt3PdAAoJENiU4s6L
-PXn1YCcQAKs0v0YK+8MdpWqsrOclPbqPRa1JRsRtJRiuUK898UfUHsB6GuYR/0bN
-0aLQ7tIxTNfgGpkYAZGHfASqCqG5JyY8Tt80EvXAtG5zrrHoOQoZfyFOc8Ho+6UM
-4D8aHpE8C04l/ZCNMxYB/mvjrxEAcxUADPYIcM+kfvYgEvxP7MoXxQ3W2t961KZz
-i/rIRdQUcFH6mC3dt5iGDPXqu41ryZKieEZENJAyV9s5ja0JlIt7tc8045Zc8eeA
-ep6ieObTHqYguhtNQp1naN3Cuo4kZZf3/Qadw9YmGqbBlCzlyr37Xv2D2VrZ1f5x
-vcmmm5jvAnBxa5ww/BgOz1Ka381ehbCuGXO1QbeHpQrkGTJmXzUU6KnQt2XIgNIA
-SkTkmxhb4XTpNs78IlDEa+nt2Rli+hFKlp2e1WVT2SEc127mNgkMQ/0tg2UGb11d
-U+HCBp5Cfbxlre/ttWFodUpdLYm3WVUea0reJ+34VF9Swh8ThWpqAfo61VzZyAPk
-Tjivu2ARLQzVMOtdQO97OriPO/OgYGbbyqtySPsDgojWd70bIX3NWZHmXZnTtXbs
-Uz6TnXJoRMO400EYLcBMgiqQpLHQcKP4e1gcayGwYvhAo76SfzfzWOQtIApraZ5U
-6/hTFLs2w9AF/mj/UsJBD5xkp/eC08iQ3dp2kd9rTaUUxV0qZ9le
-=M5FJ
+=fE2n
 -END PGP PUBLIC KEY BLOCK-
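Review bot: an armored self-signature update cannot be reviewed by eye; putting the key fingerprint and the new expiry date in the commit message (as shown by gpg's key listing of news/openssl-security.asc before and after the change) lets a reviewer confirm that the same key was extended and that nothing else in the packet set changed.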


[openssl-commits] [web] master update

2017-10-08 Thread Kurt Roeckx
The branch master has been updated
   via  e6f0542f1cb403d5e7a42aeeba2d74ce87d1c031 (commit)
  from  aa84d2cc00c3165717746ba1a557584895c69b6d (commit)


- Log -
commit e6f0542f1cb403d5e7a42aeeba2d74ce87d1c031
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Oct 8 11:57:21 2017 +0200

Really revoke the team email address

---

Summary of changes:
 news/openssl-security.asc | 128 +++---
 1 file changed, 64 insertions(+), 64 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 389ffbd..17a55af 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -11,68 +11,68 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
-tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz
-bC5vcmc+iQJTBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78Ck
-Z9YTy4PH7W0w2JTizos9efUFAlnZ8ukFCQefA0oACgkQ2JTizos9efV8Zg/3Uprj
-y/ebrWsq/N7q3HuhYm8KlmXgOy5XQYmihJ/EocYVYG/xxhBn0CsRdXFlzntTRdzR
-IZmQ/yU2KDJahMhgEWTA0eJJQzz9I4T1lXH58PB6FI7nxEKbQmoC4YrWc329BhM7
-wDhut7RcIreGzOoE9qaN1WR/KOto9j3AbXEpox1arWisCIuTDFxUU2iZy0Jix4Pl
-tp7p8PgoEzXVIL5/6AdETx11Pk5Xz4rgu7QJbmQvsWJyAJ7KR0UW4Htx9UdOyT+S
-2VvH7utFTI/6O7f9KwrqY462v6hNiknBdTLBSO3or9SP0OvJYL7RywqUqlf6qlZq
-3YBoVdqR0GhHge7If/BOfhtGIurGMM7ZfznlFKXYhoV8VDj1j2BMSMA64dYLiIv8
-r2v+/MJLG4v2UH32U0f/ziMHRpjFcWH3QkNej36l6SiZVjnGh9Cm6Jtd5YWtAJtK
-V56kZ7qTqeV63KxyVHHRaEtnX98DoemhXo4powVp7wGo4a8zZ13nWPa7cQ5QOTvw
-9WMdI/GXwDK5qsRU3Pl8k+YAcMWHNsAkN3IdtDHw6Sff7HgOFku3TxsjpM4iHLM0
-+LzQgLQ5yLOB69LjW/9cBeUdVBauOuBocqqbekhNsX8bD1LcvosrwmH62y+yC8B5
-qYGFAES+daL0sVUUAO6LEoPKq3+lNuqSA1w+t7QnT3BlblNTTCB0ZWFtIDxvcGVu
-c3NsLXRlYW1Ab3BlbnNzbC5vcmc+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYC
-AwEAAh4BAheAFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ8usFCQefA0oACgkQ
-2JTizos9efX/Sg//c5saFrjScG0tHZd7AjDzXNhjIKIwefvxvH2soCG48UQTPYDT
-RF4Wk9HdBOY7hUvxk5vhUBOT9AgwSKA7aCvHm79k6+kUFOn+5kpId0RS4lhMl1Ow
-y/1O+hM6F+JBeeVKZi7Po8iRHx/v8Yx1l//qE0hqtOFBd2zVkRXqpRA4aBvr2i/G
-tOgyEoJZyYRl8wFpjaSO4SgNb+RRv/sesF9lI27GPo3wu9X3cGGHG7h0R5uEBijM
-0M7Z176Fz5t2y6Ye0RKwt6lxv61HXA6HHUWem/tOcLe+ROHD/4dG9wdj8O+jh8CL
-nXpGz5ig6pQsJBfX/wmxltYSEDFKMxN08EAVaUUZ+RAuEys9Ii8n/TDIz9TiCw0U
-BOWapmBVAQw7vNns/rlOdbRvpTQ3WT4rNI1XNv/w6ZGX0dkcMvjkggyz5+BS6R3+
-HIDoR8MArAtylwFO4B/LOpjxWaXkElyPWn8wJcIHmVj9vp6s//PoUGTd/SSA+EtO
-v2gBf8rhpmo1GqITdAXwnv2ExSB7E/iGsq6YuQQLz1HZylgFcmcklVZEHyqsa1Er
-3IopziZHXZt+JOgMSlVpMH2+mfyQGz999m2HXJTdWo5zrAAJe5j5Qrk7OPhKwPIB
-bS2I9/HL8jeH+FxQbtPTuCkAMZrZnowHV2B/OTZh1P6ZMTfMgFiTgXYg6Fm0JU9w
-ZW5TU0wgT01DIDxvcGVuc3NsLW9tY0BvcGVuc3NsLm9yZz6JAlQEEwEKAD4WIQTv
-wKRn1hPLg8ftbTDYlOLOiz159QUCWdnzHQIbAwUJB58DSgULCQgHAwUVCgkICwUW
-AgMBAAIeAQIXgAAKCRDYlOLOiz159U2fD/0YdJq44Mvw8JJFyhttWbz/e2V6OTLp
-hWaMGOlsootUIDIrqwzuezVENKgdJB8p0KVlsP6fZktkVVu90Nu7zvee2wRZ0xlS
-Tl1NbRrya1pQVXmeRmJZs2fliv6C1SKo60gNHrBtc53hG2loprCWWo3Qlf+hl1VR
-xXrS16S33atR7cn8psWm0AK9k2S+bVzbMRZ016YRYipg6J6uNp42Gp2ABsCQoDsQ
-Bg/ndu6uzFMN+FBBlbM84VdyXgSUcoe9UQPZnIZqZGe7APkXZjKM4I2W+3ayLWbN
-Oy/KO40m/Q54rSt0+pfTQ5dYK45v3quUaJJ5ordYVJMd4OJoWIJqHB/1UlMj2QYD
-8UXqKzxRbZIkQbNgcadj+WxQvr3tdO4sSBZTaoeVhcTEtjVy7P6lMsHS+wGy4IZN
-7XwGCMoXa6d3vPv6QM8Hi4QJcLCA8qPEs0z8kWEmzC3cpPMNtxfPT+WDT7nevU2w
-FXclbQPGhGyapYCfpqfIJEPE3wYfMTKZGRzzzBpwS3fwl7I+4uLPp6NukVERg0cO
-tVUH2AOSTFp8vtywof8nr2/UYC6PPJc9xOxPTxjIqB/uQ5zl7bqPI2r0pixgmETv
-Kv+pypxtxBOCe1oUJqz7WcGb9IzbrEosXgyRLwoR4ZFS4LBCENc805ECw2MQg6Hq
-zi/lP0/LeWkk27kCDQRUL+mfARAAwHez7x2rlPx9b5vc5wa6MRxuHKC5zoPmyGU1
-ay4JXdbv6LOxVR77SEPVjAPfQLrOPb4ImszE9D8EHe7dJvIcwM/l8ovsZCID+fX3
-aFfYO4fG9DCcM2QfFiCG2sUo6VcDK17ZrADR8L57SjyUdrVh3Zlk2qUMLbeom0sw
-kfxtfwIivn0pyQ3K/rhsX6FU8g3d6+eHUCOfgDznzjwRkxByN52DvYywDdNbYPii
-ZrJjt5cTm663sVhxjpIzilOEgHZf0Mzf1GDLeoLg5u8SQR9pacl8fHJeIDxcX4Vm
-6Rdz+Izrw/RVL+wyaX1A+xgxacwdwaU5y7NAlEBqWpknC4rRki+huH9j2tgvGse0
-0KBKNoW5I30r9iGkDGzzQfqVVrsYJIBJNGtLc6+Zj759OxQ/NI6+K3SSpB+KbOJj
-HtBwkhqAb3aa9Sa5/Y8R/O9KLqJoioyFpNomrmrE5HSrjfQpqRCS009fncd+VYvt
-h6cM9jDWsTJAXEaqNoFjVfw227NnQ/hxqGCwEVzweBi7a7dix3nCa9JOw5eV3xCy
-ezUohQ6nOBbDnoAnp3FLeUrhBJQXCPNtlb0fSMnj14EwBoD6EKO/xz/gEW5mr0a+
-xp+fjbkvHVX/c8UmU+7nlX7upaN46RLM1y0yWYKo9BV61tn+kcsAk7khQ7dKhOzm
-SXpsBHMAEQEAAYkCJQQYAQoADwIbDAUCV/JjlgUJBbdz3QAKCRDYlOLOiz159WAn
-EACrNL9GCvvDHaVqrKznJT26j0WtSUbEbSUYrlCvPfFH1B7AehrmEf9GzdGi0O7S
-MUzX4BqZGAGRh3wEqgqhuScmPE7fNBL1wLRuc66x6DkKGX8hTnPB6PulDOA/Gh6R
-PAtOJf2QjTMWAf5r468RAHMVAAz2CHDPpH72IBL8T+zKF8UN1trfetSmc4v6yEXU
-FHBR+pgt3beYhgz16ruNa8mSonhGRDSQMlfbOY2tCZSLe7XPNOOWXPHngHqeonjm
-0x6mILobTUKdZ2jdwrqOJGWX9/0GncPWJhqmwZQs5cq9+179g9la2dX+cb3JppuY
-7wJwcWucMPwYDs9Smt/NXoWwrhlztUG3h6UK5BkyZl81FOip0LdlyIDSAEpE5JsY
-W+F06TbO/CJQxGvp7dkZYvoRSpadntVlU9khHNdu5jYJDEP9LYNlBm9dXVPhwgae
-Qn28Za3v7bVhaHVKXS2Jt1lVHm

[openssl-commits] [web] master update

2017-10-08 Thread Kurt Roeckx
The branch master has been updated
   via  aa84d2cc00c3165717746ba1a557584895c69b6d (commit)
  from  c0f4890dd229ec70ee856ce2441da0074dcd305d (commit)


- Log -
commit aa84d2cc00c3165717746ba1a557584895c69b6d
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Oct 8 11:49:39 2017 +0200

Update key expiration date, revoke -team uid, add -omc uid

---

Summary of changes:
 news/openssl-security.asc | 138 +-
 1 file changed, 64 insertions(+), 74 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 1160d70..389ffbd 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -1,5 +1,4 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v2
 
 mQINBFQv6Z8BEACuJwJkw/Iniec6U1RzocYHBFKl1eE0WBu1vthYmcn0D/GJKvWM
 kRhx9GSlWMqj9mgSFUOsFWrpPIm3Jzh4bLweUjH5I7R0Frh39dDFh1hhwHEholBy
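Review bot: dropping the `Version: GnuPG v2` armor header is harmless; RFC 4880 makes armor headers optional and current GnuPG omits the Version line by default, so nothing that parses this file should depend on it.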
@@ -12,77 +11,68 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
-tCdPcGVuU1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAhwEEAEK
-AAYFAlSl23AACgkQIGTFNkHCXl3/qw/7BatGhw4B4dKJsw2Ds3fBcOl4m8q5+TxI
-ILZaz4ko63tLBoXzs04f3UF+5DKb0H/lo1Pp3WYQL+KL0sVcZ3KDNXWLTpvz0qND
-88Ek85c0PusIrqcvD24bUlFkNyeToniPj+59LGbmxSg6FdQ9w+a72QwcE1hPxSYg
-nC8b5U1jlmteFKGYAI8vy5OkQG/t9JhS6yi9TTVAE+jT9tDbkmWaJo+B3+VReO0d
-RnH799vGk23GxXEf1ncA4SO6BFKve/eewB3buf4dbPnI6V3BS2Bcdo21bmECeqdd
-AeIGAxWC5kvwZwHvjrkOJq+5jsRvB+PYUPhdAtr6nNroWn+t/hFgfYd85arqLWj+
-Ln156tNFzULEgOIZcC2DnkW+a/cFa0GOqIyNH3lysLuE0dzin6EE6upae/u2KYMe
-GqaOs6KdyH1bu/zUg0bxX0n2GyBBxCAKTeD7qpv/OMdNSZRQckTDYzAd+BguzQ3F
-9I8tVXWp53G4mZWVXK4kU78Gj4nvM6FMBEXowtvBNhx+xRY2n0mA0x36IbERcKLE
-7nCxhdiUqEZGixDbZOj1TTxMd97TC6FIWGQLVu46R0HJsulpljUBeEcMNM7hNC7d
-LlpSujZiOydJaHxio2uO5vOYetkrl7hA+MDm02BteFshlUYlsOhCoM0qOTvW+t5O
-LY0yBrsEYCWJAj0EEwEKACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlfy
-Y0kFCQW3c6YACgkQ2JTizos9efX8rw/9G0bEooWoTfRt0wfXp0K/TiXXcKuLyhAz
-JpzHyg1e7OEJ0mp/SypYNHROVWBYB6hVNu/brt4ekZMEjHIIMA8GTNaBoVh6GCJa
-aaCYSzYDWI3GsDZwdJbvwh2Bl95zUYCyK9rzZuZWychkbSGrq42nqt4q2EZLDEud
-cBwkKan7tAXFaexcG/dZPwjcMsxsxW8ZgkfKisIYwKnLb0mrWofWdBLioDn6ipjA
-ZJnxHghFK2t4+O/1co08DX3dycjeCUJoposPcjvfTfUw5eI3Ix3WiZLdDUQhhf5D
-mo61YguakhfeE9gr45VpUOXrewmnW0RsfCdmgRe3mzNH38P6cLXnbT/ZQstWwjWz
-oC3cEwxiFuSLNsTQoVrHYWx9N6f/KADSCwtTjGCpxSJdJvlA5Bwjj63mIugFw8xA
-CZR5AYIUgCSucWIIGUyDOTAWy7hbn3AKHhWp8XkC7cQTnfzdrb2OYEhKttxXYKXA
-DJoGRQmjsDKglj5S87uIevUrwcLKj6Qx/91V071UWilpjie+EhQCNfnwMa9XSRZ4
-s95qdok2II7W2W6gzP5igKd3SgQbNnO6AZXUoj7kpvnnZ9ISPeOx2TjO3UA8eYNO
-VaiErPl0I6TrxeBVcFlWBO+dYVsRN+/iU8j2LSzun9SLSez+0nC1h+ky4qsuXCtF
-lqOCV5hNKLm0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1zZWN1cml0
-eUBvcGVuc3NsLm9yZz6JAhwEEAEKAAYFAlSl22kACgkQIGTFNkHCXl2hyQ//Sb1y
-E/FLFIJpzfjAxw51GzXrQmkROOel07HDbaen+DVdrAhk7FMEDdykBN+ah3Xl/H+q
-NMlxVbHZHNmPhh0+vkkzMYsOcMONLvlWPmQh+gfK8dWfJshUDiSOBZHgxT189X3G
-IXq4iM6EHs+qqNvgL8HX634hjW5NIekggknPTqi60KPmXq7ezWos7bfiLRPNpkwX
-vvL1heA9tR/KhFT8qamrH615gWWyPUjVG3dPJ8qxLkWhiSBQz/saTTSVFmpv1ykV
-GwnQivygasYylzKkCd21/YpPccWZE/XCnGqJJ50DXdAydO4fxSYRozZ9BaNtrb5G
-sYV13V4rNJo2JqLAMV2X92SQFIIgg2Bgn4Dba7LCqmSax+Phw9ncm34WHbyH7gR4
-oz47PPSgqQTI6UkTrFIIK7e7n4ve+TMh+odUfymLO6D7DVTadpDmw1Bgf8R/fPjG
-M+Fq0F3iygQhckAg/KbJ9GgKpk1yb2Z/iklw5d1nYjVWQw9hWsKiD8JDoLKHRVaC
-CB40HUPVMQmPMjhyxf/3hA0G4tBp8pvo7sdpTtvzDqt19/ReIsNRB44R0mTkURW9
-rJvzpytOnOWwpaw+Vu2r6s1S7EZanyrkfHurHNnIQV7emFRI7+IIiXCQSqE8iQkZ
-np43GnwrchouavrPqW7okwm4ocZzBfhZqbbj7S+JAj0EEwEKACcCGwMFCwkIBwMF
-FQoJCAsFFgIDAQACHgECF4AFAlfyY1gFCQW3c6YACgkQ2JTizos9efW1xhAArGxS
-/iIM/SfdxHyLB/8cSK+6SBzIfW0hIhwoE+4WiqiObjl2XDbNP7YIN1lmlvWQGzn8
-gc21TM90DcZf60aFHBCxplIUn4xnLQidwNrN2BSaKp25dIZHRhznxpQFZIPhnY0J
-b62JQOdB7Se+QmKPBtXFDFKBUF/N7cy+2ogUGVITIGs7bosVQlLmQmKLQMUEqLhE
-Ga125/iOVcIFueRYn3UsBuGEqcX5v0hslN8jv3L1KXUdlq7GDkWqJkN6RNDbPoIs
-/h33RsXAeKZqumf1N+N3wLbtLJ4TcQ86MIfdLSenU0nmhMk3uvCgC8hDGPUe+Rvg
-BroVXxyleqotFZ5TCMZgLJ7R3Rvg51nKdWauMTNjPkt+lUgxRqHHoz63WnCkTq/D
-4D35D81VRFOG4SIdk36Zpzipy8nT/LP/PoEsLI5tn/8GnFjV/SIbkoVMvkgn7k6E
-LmecOg44nJNW5MZuw2dSdC2UHt+/TNbYrHeFAHxyJnj5ulhLSAtj0TliczFUDRFS
-1rl614ta3JHv1n/zABvpEV61vzzPAJ55QAkwwRmSHV7y9uGxEz/jnAeJNAOzY3tM
-YW/ngr8M+jGQqLW9eCBfWE/arIBbXgt69jk/TCsd6vA11KjsWcR+yT8Dnmp9jdut
-0iPOq0url0aXZDzZkw5mQibJaYd0j1wQqnEZuWy5Ag0EVC/pnwEQAMB3s+8dq5T8
-fW+b3OcGujEcbhyguc6D5shlNWsuCV3W7+izsVUe+0hD1YwD30C6zj2+CJrMxPQ/
-BB3u3SbyHMDP5fKL7GQiA/n192hX2DuHxvQwnDNkHxYghtrFKOlXAyte2awA0fC+
-e0o8lHa1Yd2ZZNqlDC23qJtLMJH8bX8CIr59KckNyv64bF+hVPIN3evnh1Ajn4A8
-5848EZMQcjedg72MsA3TW2D4omayY7eXE5uut7FYcY6SM4pThIB2X9DM39Rgy3qC
-4ObvEkEfaWnJfHxyXiA8XF+FZukXc/iM68P0VS/sMml9QPsYMWnMHcGlOcuzQJRA
-alqZJwuK0ZIvobh/Y9rYLxrHtNCgSjaFuSN9K/YhpAxs80H6lVa7GCSASTRrS3Ov
-mY++fTsUPzSOvit0kqQfimziYx7QcJIagG92mvUmuf2PEfzvSi6iaIqMha

[openssl-commits] [openssl] master update

2017-09-23 Thread Kurt Roeckx
The branch master has been updated
   via  b92d7b62f585357cb88462cc3c8e2685ca646f8f (commit)
   via  9b01779cbf321d23fe45cc7e3abe7a2081ab69d4 (commit)
  from  4708afcb0a8bf0bc4135eebbfdb96ab80ba73bc6 (commit)


- Log -
commit b92d7b62f585357cb88462cc3c8e2685ca646f8f
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Sep 23 16:17:22 2017 +0200

Use size of entries, not size of the pointer.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4410

commit 9b01779cbf321d23fe45cc7e3abe7a2081ab69d4
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sat Sep 23 14:49:03 2017 +0200

Use curve_id not the nid

Found by OSS-Fuzz and the tests

Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4410

---

Summary of changes:
 ssl/ssl_lib.c | 2 +-
 ssl/t1_lib.c  | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 48ce7c1..e04feec 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -720,7 +720,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 s->ext.supportedgroups =
 OPENSSL_memdup(ctx->ext.supportedgroups,
ctx->ext.supportedgroups_len
-* sizeof(ctx->ext.supportedgroups));
+* sizeof(*ctx->ext.supportedgroups));
 if (!s->ext.supportedgroups)
 goto err;
 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
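Review bot: the old expression multiplied supportedgroups_len by the size of a pointer, so with 16-bit group ids (tls1_set_groups_list() below takes a uint16_t **) the memdup asked for four times too many bytes on 64-bit builds and read past the end of ctx->ext.supportedgroups; the fix is correct, and `OPENSSL_memdup(p, n * sizeof(*p))` is the pattern worth grepping the rest of the tree for.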
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fd26595..67b06f2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -462,7 +462,7 @@ int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, 
const char *str)
 static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned char *comp_id,
   EC_KEY *ec)
 {
-int id;
+int curve_nid;
 const EC_GROUP *grp;
 if (!ec)
 return 0;
@@ -471,8 +471,8 @@ static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned 
char *comp_id,
 if (!grp)
 return 0;
 /* Determine curve ID */
-id = EC_GROUP_get_curve_name(grp);
-*pcurve_id = tls1_ec_nid2curve_id(id);
+curve_nid = EC_GROUP_get_curve_name(grp);
+*pcurve_id = tls1_ec_nid2curve_id(curve_nid);
 /* If no id return error: we don't support arbitrary explicit curves */
 if (*pcurve_id == 0)
 return 0;
@@ -482,7 +482,7 @@ static int tls1_set_ec_id(uint16_t *pcurve_id, unsigned 
char *comp_id,
 if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
 *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
 } else {
-if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
+if ((nid_list[*pcurve_id - 1].flags & TLS_CURVE_TYPE) == 
TLS_CURVE_PRIME)
 *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
 else
 *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
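Review bot: `nid_list[*pcurve_id - 1]` relies on tls1_ec_nid2curve_id() only ever returning 0 or an index within the table, and the only visible guard is the `*pcurve_id == 0` check above; a comment stating that invariant (or a bound check against OSSL_NELEM(nid_list)) would make it explicit, because an out-of-table id here is an out-of-bounds read.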
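The over-read behind the ssl_lib.c sizeof fix in the message above, as an added example rather than OpenSSL code: `memdup_bytes()` stands in for `OPENSSL_memdup()`, and the arena, the canary byte and the group-id values are constructed for the demonstration. The example computes the byte count both the old way (`len * sizeof(pointer)`) and the fixed way (`len * sizeof(*pointer)`), then duplicates from a canary-filled buffer so the extra bytes the old rule pulls in can be counted. On a 64-bit build a three-entry array of uint16_t needs 6 bytes; the old expression asks for 24, and the 18 bytes beyond the array are all canary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example, not OpenSSL code.  memdup_bytes() stands in for
 * OPENSSL_memdup(); the arena, canary byte and group-id values are made up
 * for the demonstration.
 */

#define CANARY_BYTE   0xA5u
#define ARENA_ENTRIES 128u   /* 256 bytes; enough for either size rule */

/* Duplicate n bytes into a fresh heap buffer (stand-in for OPENSSL_memdup). */
static void *memdup_bytes(const void *src, size_t n)
{
    void *p = malloc(n);

    if (p != NULL)
        memcpy(p, src, n);
    return p;
}

/* Byte count the old ssl_lib.c line computed: len times the size of a pointer. */
size_t buggy_copy_size(const uint16_t *groups, size_t len)
{
    return len * sizeof(groups);
}

/* Byte count the fixed line computes: len times the size of one entry. */
size_t fixed_copy_size(const uint16_t *groups, size_t len)
{
    return len * sizeof(*groups);
}

/*
 * Fill an arena with a canary byte, write `len` group ids at its start,
 * duplicate them with the chosen size rule and count how many canary bytes
 * ended up in the copy.  Each such byte was read from beyond the entries the
 * caller meant to copy; against a heap allocation of exactly `len` entries
 * that is an out-of-bounds read.  Returns (size_t)-1 on a demo-internal error.
 */
size_t canary_bytes_copied(int use_fixed_size, size_t len)
{
    uint16_t arena[ARENA_ENTRIES];
    size_t n, i, hits = 0;
    uint8_t *copy;

    if (len > ARENA_ENTRIES)
        return (size_t)-1;
    memset(arena, CANARY_BYTE, sizeof(arena));
    for (i = 0; i < len; i++)
        arena[i] = (uint16_t)(0x0017 + i);   /* 0x0017 is secp256r1's TLS group id */

    n = use_fixed_size ? fixed_copy_size(arena, len)
                       : buggy_copy_size(arena, len);
    if (n > sizeof(arena))
        return (size_t)-1;                   /* keep the demo itself in bounds */

    copy = memdup_bytes(arena, n);
    if (copy == NULL)
        return (size_t)-1;

    /* Anything at or past len * sizeof(uint16_t) is not group-id data. */
    for (i = len * sizeof(uint16_t); i < n; i++)
        if (copy[i] == CANARY_BYTE)
            hits++;

    free(copy);
    return hits;
}

int main(void)
{
    size_t len = 3;

    printf("entries: %zu, sizeof(pointer): %zu, sizeof(uint16_t): %zu\n",
           len, sizeof(uint16_t *), sizeof(uint16_t));
    printf("buggy size %zu bytes -> %zu canary bytes copied (over-read)\n",
           buggy_copy_size(NULL, len), canary_bytes_copied(0, len));
    printf("fixed size %zu bytes -> %zu canary bytes copied\n",
           fixed_copy_size(NULL, len), canary_bytes_copied(1, len));
    return 0;
}
```

The canary check is the same idea a heap sanitizer uses: the over-read is silent in plain C, so the only way to see it is to make the bytes past the array recognisable. Note that the buggy rule over-reads by a platform-dependent factor (sizeof(pointer) / sizeof(uint16_t)), which is why the test asserts on the pointer size rather than on a literal 18.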


[openssl-commits] [openssl] master update

2017-08-28 Thread Kurt Roeckx
The branch master has been updated
   via  58891025eff2fb42a6a5cf2fa861d46308826d07 (commit)
   via  0b14a5b7ccd1618fe47d74a51c4873144c57ac83 (commit)
  from  b23171744b01e473ebbfd6edad70c1c3825ffbcd (commit)


- Log -
commit 58891025eff2fb42a6a5cf2fa861d46308826d07
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Aug 27 23:13:05 2017 +0200

Make the global DRBGs static

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
GH: #4268

commit 0b14a5b7ccd1618fe47d74a51c4873144c57ac83
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Aug 27 17:46:33 2017 +0200

Don't auto-instantiate a DRBG when trying to use it and it's not

The one creating the DRBG should instantiate it; it's there that we
know which parameters we should use to instantiate it.

This splits the rand init in two parts to avoid a deadlock
because when the global drbg is created it wants to call
rand_add on the global rand method.

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
GH: #4268

---

Summary of changes:
 crypto/include/internal/rand_int.h |   1 +
 crypto/init.c  |   1 +
 crypto/rand/drbg_lib.c | 128 -
 crypto/rand/rand_lcl.h |   2 -
 crypto/rand/rand_lib.c |  39 ++-
 include/internal/rand.h|   1 +
 ssl/ssl_lib.c  |   3 +-
 util/libcrypto.num |   1 +
 8 files changed, 109 insertions(+), 67 deletions(-)

diff --git a/crypto/include/internal/rand_int.h 
b/crypto/include/internal/rand_int.h
index 90b0094..d0999f2 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -18,4 +18,5 @@
 #include 
 
 void rand_cleanup_int(void);
+void rand_cleanup_drbg_int(void);
 void rand_fork(void);
diff --git a/crypto/init.c b/crypto/init.c
index c8f0a3f..ccfd003 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -488,6 +488,7 @@ void OPENSSL_cleanup(void)
  * obj_cleanup_int() must be called last
  */
 rand_cleanup_int();
+rand_cleanup_drbg_int();
 conf_modules_free_int();
 #ifndef OPENSSL_NO_ENGINE
 engine_cleanup_int();
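Review bot: rand_cleanup_drbg_int() is added right after rand_cleanup_int() without a comment, and the block above only says that obj_cleanup_int() must be last; state whether the global DRBGs must be torn down after the RAND method (or may be), so that a later reordering cannot free a DRBG the method still references.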
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index d1f419d..83ddc27 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -12,6 +12,11 @@
 #include 
 #include 
 #include "rand_lcl.h"
+#include "internal/thread_once.h"
+#include "internal/rand_int.h"
+
+static RAND_DRBG rand_drbg; /* The default global DRBG. */
+static RAND_DRBG priv_drbg; /* The global private-key DRBG. */
 
 /*
  * Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
@@ -25,6 +30,8 @@
  * a much bigger deal than just re-setting an allocated resource.)
  */
 
+static CRYPTO_ONCE rand_init_drbg = CRYPTO_ONCE_STATIC_INIT;
+
 /*
  * Set/initialize |drbg| to be of type |nid|, with optional |flags|.
  * Return -2 if the type is not supported, 1 on success and -1 on
@@ -76,18 +83,9 @@ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, 
RAND_DRBG *parent)
 goto err;
 
 if (parent != NULL) {
-if (parent->state == DRBG_UNINITIALISED
-&& RAND_DRBG_instantiate(parent, NULL, 0) == 0)
-goto err;
 if (!RAND_DRBG_set_callbacks(drbg, drbg_entropy_from_parent,
  drbg_release_entropy,
- NULL, NULL)
-/*
- * Add in our address.  Note we are adding the pointer
- * itself, not its contents!
- */
-|| !RAND_DRBG_instantiate(drbg,
-  (unsigned char*), sizeof(drbg)))
+ NULL, NULL))
 goto err;
 }
 
@@ -98,17 +96,12 @@ err:
 return NULL;
 }
 
-RAND_DRBG *RAND_DRBG_get0_global(void)
-{
-return _drbg;
-}
-
 /*
  * Uninstantiate |drbg| and free all memory.
  */
 void RAND_DRBG_free(RAND_DRBG *drbg)
 {
-/* The global DRBG is free'd by rand_cleanup_int() */
+/* The global DRBG is free'd by rand_cleanup_drbg_int() */
 if (drbg == NULL || drbg == _drbg)
 return;
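Review bot: RAND_DRBG_free() only short-circuits on the default global (`drbg == _drbg` in the archived diff, presumably `&rand_drbg`), but priv_drbg is now a static object too; if any path can hand out a pointer to it, the guard needs to cover both, otherwise the function would free a non-heap object. Separately, this hunk removes the exported RAND_DRBG_get0_global() while the summary shows util/libcrypto.num gaining a line; check that its entry was retired rather than left pointing at a function that no longer exists.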
 
@@ -340,28 +333,80 @@ void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int 
idx)
  * global DRBG.  They lock.
  */
 
+/*
+ * Creates a global DRBG with default settings.
+ * Returns 1 on success, 0 on failure
+ */
+static int setup_drbg(RAND_DRBG *drbg)
+{
+int ret = 1;
+
+drbg->lock = CRYPTO_THREAD_lock_new();
+ret &= drbg->lock != NULL;
+drbg->size = RANDOMNESS_NEEDED;
+drbg->secure = CRYPTO_secure_malloc_initialized();
+/* If you change these parameters, see R
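Review bot: in setup_drbg(), `ret &= drbg->lock != NULL` records a failed CRYPTO_THREAD_lock_new() but the function carries on initialising the object; returning 0 at that point is simpler and makes it obvious that the caller must not use the DRBG when setup_drbg() reports failure.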

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-08-05 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  39184b24ebf99e4b237725255e679cd3a3d7a7d3 (commit)
  from  ef6d11f76fba7c9d4da821947f67acc5d603b99d (commit)


- Log -
commit 39184b24ebf99e4b237725255e679cd3a3d7a7d3
Author: Xiaoyin Liu <xiaoy...@users.noreply.github.com>
Date:   Fri Aug 4 01:10:41 2017 -0400

Fix typo in files in crypto folder

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4093
(cherry picked from commit c9a41d7dd631a69b73bea8af714a3a8b872b8309)

---

Summary of changes:
 crypto/armcap.c| 4 ++--
 crypto/ia64cpuid.S | 4 ++--
 crypto/init.c  | 4 ++--
 crypto/o_time.c| 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/crypto/armcap.c b/crypto/armcap.c
index 2953484..432a06c 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,7 +69,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
 # endif
 
 /*
- * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
  * AArch64 used AT_HWCAP.
  */
 # if defined(__arm__) || defined (__arm)
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
index ffd6d6c..92c5512 100644
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
@@ -1,4 +1,4 @@
-// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -75,7 +75,7 @@ OPENSSL_wipe_cpu:
 { .mii;add r9=96*8-8,r9
mov ar.ec=1 };;
 
-// One can sweep double as fast, but then we can't quarantee
+// One can sweep double as fast, but then we can't guarantee
 // that backing storage is wiped...
 .L_wipe_top:
 { .mfi;st8 [r9]=r0,-8
diff --git a/crypto/init.c b/crypto/init.c
index 3956967..cf65b14 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -650,7 +650,7 @@ int OPENSSL_atexit(void (*handler)(void))
  * Deliberately leak a reference to the handler. This will force the
  * library/code containing the handler to remain loaded until we run 
the
  * atexit handler. If -znodelete has been used then this is
- * unneccessary.
+ * unnecessary.
  */
 {
 DSO *dso = NULL;
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 3690232..b2fb38a 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm 
*result)
 /*
  * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
  * Since we can't know that |result| is in a space that can easily
- * translate to a 32-bit pointer, we must store temporarly on stack
+ * translate to a 32-bit pointer, we must store temporarily on stack
  * and copy the result.  The stack is always reachable with 32-bit
  * pointers.
  */


[openssl-commits] [openssl] master update

2017-08-05 Thread Kurt Roeckx
The branch master has been updated
   via  afc901e0ec53cd98618ade030b67a1ff8337d9dd (commit)
   via  c9a41d7dd631a69b73bea8af714a3a8b872b8309 (commit)
  from  c67a2f80ec933465c54138fe829433d535651349 (commit)


- Log -
commit afc901e0ec53cd98618ade030b67a1ff8337d9dd
Author: Johannes Bauer <j...@johannes-bauer.com>
Date:   Sat Aug 5 10:53:42 2017 +0200

Small typo in manpage of x509(1)

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4090

commit c9a41d7dd631a69b73bea8af714a3a8b872b8309
Author: Xiaoyin Liu <xiaoy...@users.noreply.github.com>
Date:   Fri Aug 4 01:10:41 2017 -0400

Fix typo in files in crypto folder
    
Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
GH: #4093

---

Summary of changes:
 crypto/armcap.c| 4 ++--
 crypto/ia64cpuid.S | 4 ++--
 crypto/init.c  | 4 ++--
 crypto/o_time.c| 4 ++--
 doc/man1/x509.pod  | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/armcap.c b/crypto/armcap.c
index baa2d3d..b55a71e 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,7 +69,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL;
 # endif
 
 /*
- * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
  * AArch64 used AT_HWCAP.
  */
 # if defined(__arm__) || defined (__arm)
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
index ffd6d6c..92c5512 100644
--- a/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
@@ -1,4 +1,4 @@
-// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -75,7 +75,7 @@ OPENSSL_wipe_cpu:
 { .mii;add r9=96*8-8,r9
mov ar.ec=1 };;
 
-// One can sweep double as fast, but then we can't quarantee
+// One can sweep double as fast, but then we can't guarantee
 // that backing storage is wiped...
 .L_wipe_top:
 { .mfi;st8 [r9]=r0,-8
diff --git a/crypto/init.c b/crypto/init.c
index b7c7715..e1ca88f 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -657,7 +657,7 @@ int OPENSSL_atexit(void (*handler)(void))
  * Deliberately leak a reference to the handler. This will force the
  * library/code containing the handler to remain loaded until we run 
the
  * atexit handler. If -znodelete has been used then this is
- * unneccessary.
+ * unnecessary.
  */
 {
 DSO *dso = NULL;
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 3690232..b2fb38a 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm 
*result)
 /*
  * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
  * Since we can't know that |result| is in a space that can easily
- * translate to a 32-bit pointer, we must store temporarly on stack
+ * translate to a 32-bit pointer, we must store temporarily on stack
  * and copy the result.  The stack is always reachable with 32-bit
  * pointers.
  */
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 0b79560..5b2fc0e 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -703,7 +703,7 @@ Display the "Subject Alternative Name" extension of a 
certificate:
 
  openssl x509 -in cert.pem -noout -ext subjectAltName
 
-Display the more extensions of a certificate:
+Display more extensions of a certificate:
 
  openssl x509 -in cert.pem -noout -ex

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2017-07-23 Thread Kurt Roeckx
The branch OpenSSL_1_1_0-stable has been updated
   via  0e5be9faa3958cce5eb776c65fcf31b634590ea8 (commit)
  from  42aebbd557c9deb5746ef9e69241d2de8913fdd5 (commit)


- Log -
commit 0e5be9faa3958cce5eb776c65fcf31b634590ea8
Author: Johannes Bauer <j...@johannes-bauer.com>
Date:   Fri Jul 21 19:58:18 2017 +0200

Fix const correctness of EC_KEY_METHOD_get_*

Changes the EC_KEY_METHOD_get_* family to not need a EC_KEY_METHOD* as
its first parameter, but a const EC_KEY_METHOD*, which is entirely
sufficient.

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
GH: #3985
(cherry picked from commit 4e9b720e90ec154c9708139e96ec0ff8e2796c82)

---

Summary of changes:
 crypto/ec/ec_kmeth.c | 10 +-
 include/openssl/ec.h | 10 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index eb469ba..5e5d1ae 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -236,7 +236,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
 meth->verify_sig = verify_sig;
 }
 
-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
 int (**pinit)(EC_KEY *key),
 void (**pfinish)(EC_KEY *key),
 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
@@ -261,14 +261,14 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
 *pset_public = meth->set_public;
 }
 
-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
   int (**pkeygen)(EC_KEY *key))
 {
 if (pkeygen != NULL)
 *pkeygen = meth->keygen;
 }
 
-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
int (**pck)(unsigned char **pout,
size_t *poutlen,
const EC_POINT *pub_key,
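Review bot: The body visible in this hunk, `if (pkeygen != NULL) *pkeygen = meth->keygen;`, only reads through `meth`, so the const on the `+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,` line is justified; the same should be confirmed for the EC_KEY_METHOD_get_compute_key body, of which only the prototype is shown here. The NULL check on each out-parameter is worth keeping consistent across the whole get_* family.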
@@ -278,7 +278,7 @@ void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
 *pck = meth->compute_key;
 }
 
-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
 int (**psign)(int type, const unsigned char *dgst,
   int dlen, unsigned char *sig,
   unsigned int *siglen,
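Review bot: Missing documentation update: the summary of changes lists only crypto/ec/ec_kmeth.c and include/openssl/ec.h, so any manual page in this branch that documents the EC_KEY_METHOD_get_* prototypes still shows `EC_KEY_METHOD *meth` for EC_KEY_METHOD_get_sign and its siblings. Update it in the same change so the documented and actual signatures agree.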
@@ -300,7 +300,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
 *psign_sig = meth->sign_sig;
 }
 
-void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
   int (**pverify)(int type, const unsigned
   char *dgst, int dgst_len,
   const unsigned char *sigbuf,
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 6f7548c..f06680a 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1223,7 +1223,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
 const ECDSA_SIG *sig,
 EC_KEY *eckey));
 
-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
 int (**pinit)(EC_KEY *key),
 void (**pfinish)(EC_KEY *key),
 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
@@ -1234,16 +1234,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
 int (**pset_public)(EC_KEY *key,
 const EC_POINT *pub_key));
 
-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
   int (**pkeygen)(EC_KEY *key));
 
-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
int (**pck)(unsigned char **psec,
size_t *pseclen,
const EC_POINT *pub_key,
const EC_KEY *ecdh));
 
-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
 int (**psign)(int type, const unsigned char *dgst,
   int dlen, unsigned char *sig,
   unsigned int *siglen,
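Review bot: Style point on the `int (**pck)(unsigned char **psec,` and `size_t *pseclen,` lines: the header names the callback's output parameters psec/pseclen while the definition in crypto/ec/ec_kmeth.c in this same patch names them pout/poutlen. The mismatch predates this change, but since these lines are being touched anyway, align the parameter names so the prototype and the definition read the same.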
@@ -1257,7 +1257,7 @@ void EC_KEY_ME

[openssl-commits] [openssl] master update

2017-07-23 Thread Kurt Roeckx
The branch master has been updated
   via  4e9b720e90ec154c9708139e96ec0ff8e2796c82 (commit)
  from  8389ec4b4950b9474e72a959eb0b0a6ce77ac1e8 (commit)


- Log -
commit 4e9b720e90ec154c9708139e96ec0ff8e2796c82
Author: Johannes Bauer <j...@johannes-bauer.com>
Date:   Fri Jul 21 19:58:18 2017 +0200

Fix const correctness of EC_KEY_METHOD_get_*

Changes the EC_KEY_METHOD_get_* family to not need a EC_KEY_METHOD* as
its first parameter, but a const EC_KEY_METHOD*, which is entirely
sufficient.

Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
GH: #3985

---

Summary of changes:
 crypto/ec/ec_kmeth.c | 10 +-
 include/openssl/ec.h | 10 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index eb469ba..5e5d1ae 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -236,7 +236,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
 meth->verify_sig = verify_sig;
 }
 
-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
 int (**pinit)(EC_KEY *key),
 void (**pfinish)(EC_KEY *key),
 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
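Review bot: This is a change to an exported API signature, even if a compatible one, and should get a CHANGES entry so that downstream users of EC_KEY_METHOD_get_init and the other getters can see they no longer need a non-const `EC_KEY_METHOD *`; the summary of changes shows only the .c and .h edits and no such entry.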
@@ -261,14 +261,14 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
 *pset_public = meth->set_public;
 }
 
-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
   int (**pkeygen)(EC_KEY *key))
 {
 if (pkeygen != NULL)
 *pkeygen = meth->keygen;
 }
 
-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
int (**pck)(unsigned char **pout,
size_t *poutlen,
const EC_POINT *pub_key,
@@ -278,7 +278,7 @@ void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
 *pck = meth->compute_key;
 }
 
-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
 int (**psign)(int type, const unsigned char *dgst,
   int dlen, unsigned char *sig,
   unsigned int *siglen,
@@ -300,7 +300,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
 *psign_sig = meth->sign_sig;
 }
 
-void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
   int (**pverify)(int type, const unsigned
   char *dgst, int dgst_len,
   const unsigned char *sigbuf,
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index e1653c9..7978d96 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1217,7 +1217,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
 const ECDSA_SIG *sig,
 EC_KEY *eckey));
 
-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
 int (**pinit)(EC_KEY *key),
 void (**pfinish)(EC_KEY *key),
 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
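Review bot: The context in the @@ line, `void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,`, shows the setter correctly keeping a non-const pointer, since setters write into the method; only the getters from the `+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,` line onward are qualified. That split is the right one and should be kept if further EC_KEY_METHOD accessors are added.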
@@ -1228,16 +1228,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
 int (**pset_public)(EC_KEY *key,
 const EC_POINT *pub_key));
 
-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
   int (**pkeygen)(EC_KEY *key));
 
-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
int (**pck)(unsigned char **psec,
size_t *pseclen,
const EC_POINT *pub_key,
const EC_KEY *ecdh));
 
-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
 int (**psign)(int type, const unsigned char *dgst,
   int dlen, unsigned char *sig,
   unsigned int *siglen,
@@ -1251,7 +1251,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
   

[openssl-commits] [tools] master update

2017-06-26 Thread Kurt Roeckx
The branch master has been updated
   via  7dd524ccc83008915d9ae0b7e1a7315e8f01 (commit)
  from  718bcaec77e8ac62f5d607e405a29c79af23f758 (commit)


- Log -
commit 7dd524ccc83008915d9ae0b7e1a7315e8f01
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Mon Jun 26 19:34:11 2017 +0200

Add a signed copy of the ssh keys

---

Summary of changes:
 ssh-key.txt.asc | 22 ++
 1 file changed, 22 insertions(+)
 create mode 100644 ssh-key.txt.asc

diff --git a/ssh-key.txt.asc b/ssh-key.txt.asc
new file mode 100644
index 000..11cf7f9
--- /dev/null
+++ b/ssh-key.txt.asc
@@ -0,0 +1,22 @@
+-BEGIN PGP SIGNED MESSAGE-
+Hash: SHA512
+
+git.openssl.org,2001:608:c00:180::1:ea,194.97.150.234 ssh-ed25519 
C3NzaC1lZDI1NTE5IPCs7Wdosr81E6b3a/mX5ro5ZnmRCXhDAsoc4DzK/nG0
+git.openssl.org,2001:608:c00:180::1:ea,194.97.150.234 ecdsa-sha2-nistp256 
E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAABBBCJ/03qS4bc3lskR7V6KxRlz4b8grj1nkoE7nCC+5of2t/BZYJsZ92ZGrH7TX3F8Tg44QHAfLcR575S2VTcnRbM=
+git.openssl.org,2001:608:c00:180::1:ea,194.97.150.234 ssh-rsa 
B3NzaC1yc2EDAQABAAABAQC7cF5JeaUznpFLc2zr+G39SgA5q7wVeDxUFNUaHyF8QiIfE5UT444qKOakvgO+qjaCJBjcLqWcla4cWa2dZaCwWv6zQQlTf5Rdca2kt1sKQTyLTbKk33g+9iINNRgnUrhCTqi0/xZsyxOtTMBM1NmblGVoR8HjPwlwmi0u3CKgaIQQtPFYjhliPACJfSE0637HQ9zL3v0+z7sQqYlJ7hdttb/iHCPRjvbQE+tiTMms35TUIAYJIBQXMyv91PTCu35GcjWtj0jYPnsJAmWKqHPqHB5Y/Be+ulIiNOBf4aljq8auBYCfJhDUkQ1UM14CYFUCOzdWr9wr1sw8bYxQtaQP
+-BEGIN PGP SIGNATURE-
+-END PGP SIGNATURE-
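Review bot: The clearsigned file gives a reader no way to know which OpenPGP key is expected to have produced the signature; `gpg --verify ssh-key.txt.asc` reports a key ID, but without a fingerprint published in the commit message or alongside the file a user cannot distinguish the intended signer from a look-alike key. State the signing key's fingerprint where the file is introduced. Note also that each entry pins the hostname together with the IPv6 and IPv4 addresses, so the file must be re-signed whenever those addresses change; the `Hash: SHA512` digest choice is appropriate.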
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

2017-05-26 Thread Kurt Roeckx
The branch OpenSSL_1_0_2-stable has been updated
   via  fde111ba045f7c00e2fe673bf5bf161a64c2cb60 (commit)
  from  8a996d2a5530def2307548546cbc27db610c964d (commit)


- Log -
commit fde111ba045f7c00e2fe673bf5bf161a64c2cb60
Author: Todd Short <tsh...@akamai.com>
Date:   Mon May 22 11:24:59 2017 -0400

Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION (1.0.2)

The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is
inconsistent. Most places check SSL->options, one place is checking
SSL_CTX->options; fix that.

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Kurt Roeckx <k...@roeckx.be>
GH: #3521

---

Summary of changes:
 ssl/s3_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 0290c99..04212c5 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1427,7 +1427,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, 
int len, int peek)
 (s->s3->handshake_fragment_len >= 4) &&
 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
 (s->session != NULL) && (s->session->cipher != NULL) &&
-!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
 /*
  * s->s3->handshake_fragment_len = 0;
  */
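Review bot: Checking `s->options` instead of `s->ctx->options` on the `+!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {` line is the correct fix: per-connection options set or cleared with SSL_set_options()/SSL_clear_options() live in the SSL object, so the old check applied the context's setting to a connection whose own setting differed, in either direction (a connection that had cleared the option could still accept an unsafe mid-connection ClientHello if the context allowed it). Because a new SSL object inherits its options from the context, context-level configuration is still honoured. Since this is the decision on whether to accept a legacy ClientHello during an established connection, a regression test that sets the option only on the SSL object and not on the SSL_CTX would be worth adding.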

