[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 130b7df2db7d35af75ddf56046afdd1a57a2aea8 (commit) from 5fba3afad01707f4a8856a35500de007a8a256ec (commit) - Log - commit 130b7df2db7d35af75ddf56046afdd1a57a2aea8 Author: Richard Levitte Date: Fri Apr 5 01:22:14 2019 +0200 EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) (cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04) --- Summary of changes: crypto/evp/evp_enc.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 05dd791..bdec227 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; +if (inl <= 0) { +*outl = 0; +return inl == 0; +} + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } -if (inl <= 0) { -*outl = 0; -return inl == 0; -} if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; 
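Review bot: The relocated guard in evp_EncryptDecryptUpdate() tests only `inl <= 0`, which is wider than the `in == NULL && inl == 0` case the commit message describes, so a custom cipher now never sees any zero-length update, even one with a non-NULL `in`. If a backend flagged EVP_CIPH_FLAG_CUSTOM_CIPHER relies on a zero-length Update call to record state (for example an empty AAD or payload in an AEAD mode), that would silently stop working, so this is worth confirming against the in-tree custom ciphers. The negative-length path also returns 0 without an EVPerr() entry, leaving the caller with a failure and an empty error queue. I would at least state the contract above the check, e.g. `/* Zero-length updates are a no-op and never reach the cipher; in == NULL && inl == 0 is what EVP_*Final passes to the backend. */`, and the same applies to the EVP_DecryptUpdate hunk. Both function bodies start and end outside the hunks.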
@@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; +if (inl <= 0) { +*outl = 0; +return inl == 0; +} + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } -if (inl <= 0) { -*outl = 0; -return inl == 0; -} - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
[openssl] master update
The branch master has been updated via dcb982d792d6064ed3493e79749208d8c257ff04 (commit) from ccf453610f48fe88968f0cfc63784b503eae33a0 (commit) - Log - commit dcb982d792d6064ed3493e79749208d8c257ff04 Author: Richard Levitte Date: Fri Apr 5 01:22:14 2019 +0200 EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) --- Summary of changes: crypto/evp/evp_enc.c | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 7fdf759..641ad19 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; +if (inl <= 0) { +*outl = 0; +return inl == 0; +} + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } -if (inl <= 0) { -*outl = 0; -return inl == 0; -} if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; +if (inl <= 0) { +*outl = 0; +return inl == 0; +} + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); 
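Review bot: Nothing in this change pins the new ordering: the summary lists only crypto/evp/evp_enc.c, so a later edit that moves the `inl <= 0` guard back below the EVP_CIPH_FLAG_CUSTOM_CIPHER branch in evp_EncryptDecryptUpdate() or EVP_DecryptUpdate() would go unnoticed. A small regression test for #8675 would help, using a custom cipher that records whether its backend function was entered during an Update call with `inl == 0` and asserting that it was not. The test should also check that `*outl` is set to 0 and that the call returns 1, since that is the visible contract of the guard.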
@@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } -if (inl <= 0) { -*outl = 0; -return inl == 0; -} - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5fba3afad01707f4a8856a35500de007a8a256ec (commit) from 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit) - Log - commit 5fba3afad01707f4a8856a35500de007a8a256ec Author: Richard Levitte Date: Mon Apr 1 06:40:33 2019 +0200 Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8622) --- Summary of changes: Configure | 23 ++- INSTALL | 3 --- crypto/dso/dso_openssl.c | 2 +- crypto/include/internal/dso_conf.h.in | 5 +++-- crypto/init.c | 10 -- include/internal/dsoerr.h | 7 ++- 6 files changed, 20 insertions(+), 30 deletions(-) diff --git a/Configure b/Configure index c2716ad..114ee9b 100755 --- a/Configure +++ b/Configure @@ -24,7 +24,7 @@ use OpenSSL::Glob; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \_handler; -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # 
@@ -58,8 +58,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]pic [don't] try to build position independent code when supported. # If disabled, it also disables shared and dynamic-engine. # no-asmdo not use assembler -# no-dsodo not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. # no-egddo not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared @@ -75,7 +73,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, -# namely no-dso, no-pic, no-shared and no-threads. It is +# namely no-pic, no-shared and no-threads. It is # argued that the only reason to produce statically linked # binaries (and in context it means executables linked with # -static flag, and not just executables linked with static @@ -357,7 +355,6 @@ my @disablables = ( "dgram", "dh", "dsa", -"dso", "dtls", "dynamic-engine", "ec", @@ -435,6 +432,7 @@ my %deprecated_disablables = ( "buf-freelists" => undef, "ripemd" => "rmd160", "ui" => "ui-console", +"dso" => "",# Empty string means we're silent about it ); # All of the following are disabled by default: @@ -487,9 +485,6 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], -# Without DSO, we can't load dynamic engines, so don't build them dynamic -"dso" => [ "dynamic-engine" ], - # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared"=> [ "dynamic-engine" ], 
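Review bot: The new empty-string sentinel `"dso" => ""` in %deprecated_disablables sits beside entries whose value is `undef` (`"buf-freelists" => undef` is visible in the same hunk), and the consumer changed further down in this diff now tests `$deprecated_disablables{$1} ne ""` before anything else. In Perl `undef ne ""` is false, so `no-buf-freelists` would apparently no longer be recorded in %deprecated_options, and the inner `defined` check can never fail once the outer test has passed. Testing `if (!defined $deprecated_disablables{$1} || $deprecated_disablables{$1} ne "")` keeps the previous behaviour for `undef` entries while staying silent for `dso`. A short comment on the hash describing the three value kinds (undef, empty string, replacement name) would also help, since the only explanation is the trailing comment on the `dso` entry.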
@@ -721,10 +716,13 @@ while (@argvcopy) } elsif (exists $deprecated_disablables{$1}) { -$deprecated_options{$_} = 1; -if (defined $deprecated_disablables{$1}) +if ($deprecated_disablables{$1} ne "") { -$disabled{$deprecated_disablables{$1}} = "option"; +$deprecated_options{$_} = 1; +if (defined $deprecated_disablables{$1}) +{ +$disabled{$deprecated_disablables{$1}} = "option"; +} }
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: ccf453610f Make X509_set_sm2_id consistent with other setters bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject d030892312 Add a legacy provider and put MD2 in it dc46e3dde5 Use the right NID when putting a method in the store 68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common 195852fefc Params: add OSSL_PARAM_construct_end() bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new 97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' 
crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' 
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference
Build failed: openssl master.24057
Build openssl master.24057 failed Commit 4b999b67b7 by Shane Lontis on 4/10/2019 4:43 AM: tried to generate a dummy config to load from
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: ccf453610f Make X509_set_sm2_id consistent with other setters bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject d030892312 Add a legacy provider and put MD2 in it dc46e3dde5 Use the right NID when putting a method in the store 68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common 195852fefc Params: add OSSL_PARAM_construct_end() bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new 97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' 
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' 
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4'
Still Failing: openssl/openssl#24637 (master - ccf4536)
Build Update for openssl/openssl - Build: #24637 Status: Still Failing Duration: 19 mins and 31 secs Commit: ccf4536 (master) Author: Paul Yang Message: Make X509_set_sm2_id consistent with other setters This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8626) View the changeset: https://github.com/openssl/openssl/compare/bbcaef632440...ccf453610f48 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517772351?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via ccf453610f48fe88968f0cfc63784b503eae33a0 (commit) from bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit) - Log - commit ccf453610f48fe88968f0cfc63784b503eae33a0 Author: Paul Yang Date: Mon Apr 1 10:21:53 2019 +0900 Make X509_set_sm2_id consistent with other setters This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8626) --- Summary of changes: apps/verify.c | 40 + crypto/include/internal/x509_int.h | 2 +- crypto/x509/x_all.c| 5 - crypto/x509/x_x509.c | 13 --- doc/man3/X509_get0_sm2_id.pod | 12 ++ include/openssl/x509.h | 2 +- test/verify_extra_test.c | 46 ++ util/libcrypto.num | 2 +- 8 files changed, 97 insertions(+), 25 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index 67d3276..3767972 100644 --- a/apps/verify.c +++ b/apps/verify.c 
@@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file, if (sm2id != NULL) { #ifndef OPENSSL_NO_SM2 -ASN1_OCTET_STRING v; +ASN1_OCTET_STRING *v; -v.data = sm2id; -v.length = sm2idlen; +v = ASN1_OCTET_STRING_new(); +if (v == NULL) { +BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); +goto end; +} -X509_set_sm2_id(x, ); +if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) { +BIO_printf(bio_err, "error: setting SM2 ID failed\n"); +ASN1_OCTET_STRING_free(v); +goto end; +} + +X509_set0_sm2_id(x, v); #endif } csc = X509_STORE_CTX_new(); if (csc == NULL) { -printf("error %s: X.509 store context allocation failed\n", - (file == NULL) ? "stdin" : file); +BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", + (file == NULL) ? "stdin" : file); goto end; } X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { X509_STORE_CTX_free(csc); -printf("error %s: X.509 store context initialization failed\n", - (file == NULL) ? "stdin" : file); +BIO_printf(bio_err, + "error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain != NULL) 
@@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { -printf("%s: OK\n", (file == NULL) ? "stdin" : file); +BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; if (show_chain) { int j; chain = X509_STORE_CTX_get1_chain(csc); num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); -printf("Chain:\n"); +BIO_printf(bio_out, "Chain:\n"); for (j = 0; j < sk_X509_num(chain); j++) { X509 *cert = sk_X509_value(chain, j); -printf("depth=%d: ", j); +BIO_printf(bio_out, "depth=%d: ", j); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), 0, get_nameopt()); if (j < num_untrusted) -printf(" (untrusted)"); -printf("\n"); +BIO_printf(bio_out, " (untrusted)"); +BIO_printf(bio_out, "\n"); } sk_X509_pop_free(chain, X509_free); } } else { -printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); +BIO_printf(bio_err, + "error %s: verification failed\n", + (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 93f923e..7c40b15 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -184,7 +184,7 @@ struct x509_st { CRYPTO_RWLOCK *lock; volatile int ex_cached; # ifndef OPENSSL_NO_SM2 -ASN1_OCTET_STRING sm2_id; +ASN1_OCTET_STRING *sm2_id; # endif } /* X509 */ ; diff --git a/crypto/x509/x_all.c
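Review bot: The show_chain loop in check() still prints the subject with `X509_NAME_print_ex_fp(stdout, ...)` while every surrounding `printf` in this hunk was converted to `BIO_printf(bio_out, ...)`. If bio_out does not share stdout's buffer, the `depth=%d: ` prefix, the name and the ` (untrusted)` suffix can come out in a different order when output is redirected. Using the BIO variant keeps the whole line on one stream: `X509_NAME_print_ex(bio_out, X509_get_subject_name(cert), 0, get_nameopt());`. check() starts and ends outside this hunk.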
Still Failing: openssl/openssl#24636 (master - bbcaef6)
Build Update for openssl/openssl - Build: #24636 Status: Still Failing Duration: 18 mins and 14 secs Commit: bbcaef6 (master) Author: Richard Levitte Message: test/params_test.c : Adjust tests to check utf8_ptr sizes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) View the changeset: https://github.com/openssl/openssl/compare/b926f9deb3dc...bbcaef632440 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517756906?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit) via f55ed701a458e3b3840a5d8c8dd3019d7d71a26f (commit) from b926f9deb3dc79d00f0a989370e95867516a3a17 (commit) - Log - commit bbcaef632440067d173e2c4bfc40dd96ef2c0112 Author: Richard Levitte Date: Tue Apr 9 13:16:16 2019 +0200 test/params_test.c : Adjust tests to check utf8_ptr sizes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) commit f55ed701a458e3b3840a5d8c8dd3019d7d71a26f Author: Richard Levitte Date: Tue Apr 9 08:31:09 2019 +0200 Params API: {utf8,octet}_ptr need to know the data size When the purpose is to pass parameters to a setter function, that setter function needs to know the size of the data passed. This remains true for the pointer data types as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) --- Summary of changes: crypto/params.c | 8 doc/man3/OSSL_PARAM_TYPE.pod | 19 +-- include/openssl/params.h | 4 ++-- test/params_api_test.c | 4 ++-- test/params_test.c | 32 +--- 5 files changed, 46 insertions(+), 21 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 8b75e04..bdb1fa9 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -580,15 +580,15 @@ int OSSL_PARAM_set_octet_ptr(const OSSL_PARAM *p, const void *val, } OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t *rsize) + size_t bsize, size_t *rsize) { -return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, 0, rsize); +return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, bsize, rsize); } OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t *rsize) + size_t bsize, size_t *rsize) { -return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize); +return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, bsize, rsize); } OSSL_PARAM OSSL_PARAM_construct_end(void) 
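Review bot: The new `bsize` argument of OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_construct_octet_ptr() is forwarded to ossl_param_construct() with no statement in the code of what it measures. From the visible lines it is unclear whether, for the UTF8 variant, it counts the terminating NUL, and callers that previously got an implicit 0 now have to choose a value themselves. A comment above each constructor would settle it, e.g. `/* bsize: size of the data *buf points at, needed when the array is passed to a setter; may be 0 when only requesting data */`, with the NUL question answered explicitly for the UTF8 case.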
diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod index dd887f3..4585f25 100644 --- a/doc/man3/OSSL_PARAM_TYPE.pod +++ b/doc/man3/OSSL_PARAM_TYPE.pod @@ -44,9 +44,9 @@ OSSL_PARAM_set_octet_ptr OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_end(void); OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); @@ -173,13 +173,13 @@ size B is created. OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf> and return size B -is created. +A parameter with name B, storage pointer B<*buf>, size B and +return size B is created. OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf> and return size B -is created. +A parameter with name B, storage pointer B<*buf>, size B and +return size B is created. OSSL_PARAM_construct_end() is a function that constructs the terminating OSSL_PARAM structure. @@ -254,6 +254,13 @@ Integral types will be widened and sign extended as required. Apart from that, the functions must be used appropriately for the expected type of the parameter. +For OSSL_PARAM_get_utf8_ptr() and OSSL_PARAM_get_octet_ptr(), B +is not relevant if the purpose is to send the B array to a +I, i.e. to get parameter data back. +In that case, B can safely be given zero. +See L for further information on the +possible purposes. + =head1 EXAMPLES Reusing the examples from L to just show how diff --git a/include/openssl/params.h b/include/openssl/params.h index cf9ffa8..aea24bb 100644 --- a/include/openssl/params.h 
+++ b/include/openssl/params.h @@ -132,11 +132,11 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf, OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, -
Still Failing: openssl/openssl#24632 (OpenSSL_1_1_1-stable - 0c45bd8)
Build Update for openssl/openssl - Build: #24632 Status: Still Failing Duration: 24 mins and 20 secs Commit: 0c45bd8 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) View the changeset: https://github.com/openssl/openssl/compare/d7af859880c1...0c45bd8dae28 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517701034?utm_medium=notification_source=email
Still Failing: openssl/openssl#24631 (master - b926f9d)
Build Update for openssl/openssl - Build: #24631 Status: Still Failing Duration: 26 mins and 31 secs Commit: b926f9d (master) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) View the changeset: https://github.com/openssl/openssl/compare/d030892312a2...b926f9deb3dc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517700898?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: e9cfa19201 Avoid alignment problems in params API. f997e456b9 s_client starttls: fix handling of multiline reply df09b6b5f9 coverity resource leak fixes in apps/pkeyutl 61d7045bd2 fix --strict-warnings build aa447d6fdb fix --strict-warnings build Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' 
/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: 
undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to
Still Failing: openssl/openssl#24630 (master - d030892)
Build Update for openssl/openssl - Build: #24630 Status: Still Failing Duration: 25 mins and 13 secs Commit: d030892 (master) Author: Matt Caswell Message: Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) View the changeset: https://github.com/openssl/openssl/compare/68ca1737ce58...d030892312a2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517696858?utm_medium=notification_source=email
Still Failing: openssl/openssl#24629 (master - 68ca173)
Build Update for openssl/openssl - Build: #24629 Status: Still Failing Duration: 28 mins and 3 secs Commit: 68ca173 (master) Author: Richard Levitte Message: Configurations/10-main.conf: Don't inherit assembler in Cygwin-common The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8685) View the changeset: https://github.com/openssl/openssl/compare/195852fefc1e...68ca1737ce58 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694802?utm_medium=notification_source=email
Still Failing: openssl/openssl#24628 (master - 195852f)
Build Update for openssl/openssl - Build: #24628 Status: Still Failing Duration: 17 mins and 47 secs Commit: 195852f (master) Author: Richard Levitte Message: Params: add OSSL_PARAM_construct_end() OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8704) View the changeset: https://github.com/openssl/openssl/compare/bb315ca71665...195852fefc1e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694137?utm_medium=notification_source=email
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit) from d7af859880c14fff9d46a028366ab473977d1f36 (commit) - Log - commit 0c45bd8dae287a286583dca682eafcfa5a5d4469 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) --- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index be39015..eaf6a8e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; +stmp.type = X509_LU_NONE; +stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock);
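Review bot: The two assignments added to X509_STORE_CTX_get_by_subject (`stmp.type = X509_LU_NONE;` and `stmp.data.ptr = NULL;`) have no comment saying why `stmp` must be in a defined state at this point. Going by the commit message, the object is later handed to a custom lookup method's get_by_subject callback, but that use lies outside the hunk, so a later cleanup could easily drop these lines as redundant. I would put `/* stmp is passed to the lookup method's get_by_subject callback; start it as an empty object so the callback never reads indeterminate fields */` above them. The diffstat shows only crypto/x509/x509_lu.c changed, so no regression test with a custom X509_LOOKUP_METHOD comes with the fix; one that runs under a memory sanitizer would keep the crash from #8673 from returning. The same change lands on master as commit b926f9deb3dc, and both points apply there too.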
[openssl] master update
The branch master has been updated via b926f9deb3dc79d00f0a989370e95867516a3a17 (commit) from d030892312a2e7076511205e7fe1a5eae98e5102 (commit) - Log - commit b926f9deb3dc79d00f0a989370e95867516a3a17 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) --- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index fa8153d..e994633 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; +stmp.type = X509_LU_NONE; +stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock);
[openssl] master update
The branch master has been updated via d030892312a2e7076511205e7fe1a5eae98e5102 (commit) via dc46e3dde58c781b5f29942d787a2c8765ba5514 (commit) from 68ca1737ce58173001f2146b913388f872842f69 (commit) - Log - commit d030892312a2e7076511205e7fe1a5eae98e5102 Author: Matt Caswell Date: Fri Apr 5 10:47:05 2019 +0100 Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) commit dc46e3dde58c781b5f29942d787a2c8765ba5514 Author: Matt Caswell Date: Wed Mar 20 17:51:29 2019 + Use the right NID when putting a method in the store When we attempt to fetch a method with a given NID we will ask the providers for it if we don't already know about it. During that process we may be told about other methods with a different NID. We need to make sure we don't confuse the two. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) --- Summary of changes: Configure | 6 ++- INSTALL| 4 ++ crypto/core_fetch.c| 5 +- crypto/evp/digest.c| 10 +++- crypto/evp/evp_fetch.c | 27 ++ crypto/evp/evp_locl.h | 3 +- crypto/property/property_parse.c | 1 + doc/internal/man3/evp_generic_fetch.pod| 7 ++- doc/internal/man3/ossl_method_construct.pod| 7 +-- include/internal/core.h| 4 +- providers/build.info | 11 providers/legacy/build.info| 4 ++ providers/legacy/digests/build.info| 4 ++ providers/legacy/digests/md2.c | 63 ++ providers/{fips/fipsprov.c => legacy/legacyprov.c} | 36 +++-- test/md2test.c | 14 + test/recipes/05-test_md2.t | 5 ++ 17 files changed, 173 insertions(+), 38 deletions(-) create mode 100644 providers/legacy/build.info create mode 100644 providers/legacy/digests/build.info create mode 100644 providers/legacy/digests/md2.c copy providers/{fips/fipsprov.c => legacy/legacyprov.c} (68%) diff --git a/Configure b/Configure index 6702bc6..3b7ca36 100755 --- a/Configure +++ b/Configure @@ -374,6 +374,7 @@ my @disablables = ( "fuzz-afl", "gost", "idea", +"legacy", "makedepend", "md2", "md4", 
@@ -513,7 +514,7 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], -"module"=> [ "fips" ], +"module"=> [ "fips", "legacy" ], "engine"=> [ grep /eng$/, @disablables ], "hw"=> [ "padlockeng" ], @@ -532,6 +533,7 @@ my @disable_cascades = ( sub { !$disabled{"msan"} } => [ "asm" ], sub { $disabled{cmac}; } => [ "siv" ], +"legacy" => [ "md2" ], ); # Avoid protocol support holes. Also disable all versions below N, if version @@ -1226,7 +1228,7 @@ foreach my $what (sort keys %disabled) { if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', 'module', 'pic', 'dynamic-engine', 'makedepend', -'zlib-dynamic', 'zlib', 'sse2' )) { +'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) { (my $WHAT = uc $what) =~ s|-|_|g; my $skipdir = $what; diff --git a/INSTALL b/INSTALL index c496e79..50722a1 100644 --- a/INSTALL +++ b/INSTALL @@ -409,6 +409,10 @@ available if the GOST algorithms are also available through loading an externally supplied engine. + no-legacy + Don't build the legacy provider. Disabling this also disables + the legacy algorithms: MD2 (already disabled by default). + no-makedepend Don't generate dependencies. diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d38e132..2c4b0d7 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -35,8 +35,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) const OSSL_ALGORITHM *thismap = map++; void *method = NULL; -if ((method = data->mcm->construct(thismap->implementation, provider, -data->mcm_data)) == NULL) +if ((method = data->mcm->construct(thismap->algorithm_name, + thismap->implementation, provider, + data->mcm_data)) == NULL) continue;
[openssl] master update
The branch master has been updated via 68ca1737ce58173001f2146b913388f872842f69 (commit) from 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit) - Log - commit 68ca1737ce58173001f2146b913388f872842f69 Author: Richard Levitte Date: Fri Apr 5 15:38:09 2019 +0200 Configurations/10-main.conf: Don't inherit assembler in Cygwin-common The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8685) --- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 0e3afd3..27e587f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1431,7 +1431,7 @@ my %targets = ( Cygwin "Cygwin-common" => { -inherit_from => [ "BASE_unix", asm("x86_asm") ], +inherit_from => [ "BASE_unix" ], template => 1, CC => "gcc",
[openssl] master update
The branch master has been updated via 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit) from bb315ca716656b7aff89f86d35988062952ccb21 (commit) - Log - commit 195852fefc1ef090977ed3cc3334f1dfbd6bac34 Author: Richard Levitte Date: Tue Apr 9 09:49:58 2019 +0200 Params: add OSSL_PARAM_construct_end() OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8704) --- Summary of changes: crypto/params.c | 7 +++ doc/man3/OSSL_PARAM_TYPE.pod | 7 ++- include/openssl/params.h | 1 + test/params_api_test.c | 3 +-- test/params_test.c | 3 +-- util/libcrypto.num | 1 + 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 465bb32..8b75e04 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -590,3 +590,10 @@ OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, { return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize); } + +OSSL_PARAM OSSL_PARAM_construct_end(void) +{ +OSSL_PARAM end = OSSL_PARAM_END; + +return end; +} diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod index 2842eae..dd887f3 100644 --- a/doc/man3/OSSL_PARAM_TYPE.pod +++ b/doc/man3/OSSL_PARAM_TYPE.pod @@ -10,7 +10,8 @@ OSSL_PARAM_SIZED_octet_ptr, OSSL_PARAM_END, OSSL_PARAM_construct_TYPE, OSSL_PARAM_END, OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, -OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_locate, OSSL_PARAM_get_TYPE, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_get_TYPE, OSSL_PARAM_set_TYPE, OSSL_PARAM_get_BN, OSSL_PARAM_set_BN, OSSL_PARAM_get_utf8_string, OSSL_PARAM_set_utf8_string, OSSL_PARAM_get_octet_string, OSSL_PARAM_set_octet_string, 
@@ -46,6 +47,7 @@ OSSL_PARAM_set_octet_ptr size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, size_t *rsize); + OSSL_PARAM OSSL_PARAM_construct_end(void); OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); @@ -179,6 +181,9 @@ pointer OSSL_PARAM structure. A parameter with name B, storage pointer B<*buf> and return size B is created. +OSSL_PARAM_construct_end() is a function that constructs the terminating +OSSL_PARAM structure. + OSSL_PARAM_locate() is a function that searches an B of parameters for the one matching the B name. diff --git a/include/openssl/params.h b/include/openssl/params.h index 10ed28d..cf9ffa8 100644 --- a/include/openssl/params.h +++ b/include/openssl/params.h @@ -137,6 +137,7 @@ OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, size_t *rsize); +OSSL_PARAM OSSL_PARAM_construct_end(void); int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val); int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val); diff --git a/test/params_api_test.c b/test/params_api_test.c index c78a42b..a3d2337 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -448,7 +448,6 @@ static int test_param_construct(void) void *vp, *vpn = NULL, *vp2; OSSL_PARAM *p; const OSSL_PARAM *cp; -static const OSSL_PARAM pend = OSSL_PARAM_END; int i, n = 0, ret = 0; unsigned int u; long int l; @@ -478,7 +477,7 @@ static int test_param_construct(void) ); params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", , ); params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", , ); -params[n] = pend; +params[n] = OSSL_PARAM_construct_end(); /* Search failure */ if (!TEST_ptr_null(OSSL_PARAM_locate(params, "fnord"))) diff --git a/test/params_test.c b/test/params_test.c index 338e6b2..8d456bb 100644 --- a/test/params_test.c +++ b/test/params_test.c 
@@ -391,7 +391,6 @@ static OSSL_PARAM *construct_api_params(void) { size_t n = 0; static OSSL_PARAM params[10]; -OSSL_PARAM param_end = OSSL_PARAM_END; params[n++] = OSSL_PARAM_construct_int("p1", _p1, NULL); params[n++] = OSSL_PARAM_construct_BN("p3", bignumbin, sizeof(bignumbin), @@ -404,7 +403,7 @@ static OSSL_PARAM *construct_api_params(void) _p6_l); params[n++] = OSSL_PARAM_construct_octet_string("foo", ,
Build completed: openssl master.24029
Build openssl master.24029 completed Commit ecad6285f6 by Richard Levitte on 4/9/2019 6:31 AM: Params API: {utf8,octet}_ptr need to know the data size