[openssl] master update
The branch master has been updated via 105dde2528d64b4af25c241288a985fdfc27afbc (commit) from 639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit) - Log - commit 105dde2528d64b4af25c241288a985fdfc27afbc Author: Shane Lontis Date: Thu Sep 19 15:38:51 2019 +1000 Add sm4 ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9935) --- Summary of changes: crypto/evp/evp_enc.c | 5 +++ providers/common/include/internal/provider_algs.h | 7 +++ providers/default/ciphers/build.info | 5 +++ providers/default/ciphers/cipher_sm4.c | 51 ++ .../ciphers/{cipher_cast.h => cipher_sm4.h}| 15 --- providers/default/ciphers/cipher_sm4_hw.c | 43 ++ providers/default/defltprov.c | 7 +++ test/recipes/30-test_evp.t | 3 ++ test/recipes/30-test_evp_data/evpciph.txt | 31 - test/recipes/30-test_evp_data/evpciph_sm4.txt | 39 + 10 files changed, 168 insertions(+), 38 deletions(-) create mode 100644 providers/default/ciphers/cipher_sm4.c copy providers/default/ciphers/{cipher_cast.h => cipher_sm4.h} (57%) create mode 100644 providers/default/ciphers/cipher_sm4_hw.c create mode 100644 test/recipes/30-test_evp_data/evpciph_sm4.txt
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4d6001688f..41edd0decd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 case NID_seed_ecb:
 case NID_seed_cfb128:
 case NID_seed_ofb128:
+case NID_sm4_cbc:
+case NID_sm4_ecb:
+case NID_sm4_ctr:
+case NID_sm4_cfb128:
+case NID_sm4_ofb128:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index d69b9cd4b8..aeb7c430a0 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[]; extern const OSSL_DISPATCH seed128ofb128_functions[]; extern const OSSL_DISPATCH seed128cfb128_functions[]; #endif /* OPENSSL_NO_SEED */ +#ifndef OPENSSL_NO_SM4 +extern const OSSL_DISPATCH sm4128ecb_functions[]; +extern const OSSL_DISPATCH sm4128cbc_functions[]; +extern const OSSL_DISPATCH sm4128ctr_functions[]; +extern const OSSL_DISPATCH sm4128ofb128_functions[]; +extern const OSSL_DISPATCH sm4128cfb128_functions[]; +#endif /* OPENSSL_NO_SM4 */ extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index 66ef9df68a..8f2bbae28d 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}] cipher_seed.c cipher_seed_hw.c ENDIF +IF[{- !$disabled{sm4} -}] + SOURCE[../../../libcrypto]=\ + cipher_sm4.c cipher_sm4_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_sm4.c b/providers/default/ciphers/cipher_sm4.c new file mode 100644 index 00..8b7c3761ca --- /dev/null +++ b/providers/default/ciphers/cipher_sm4.c 
@@ -0,0 +1,51 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */ + +#include "cipher_sm4.h" +#include "internal/provider_algs.h" + +/* TODO (3.0) Figure out what flags to pass */ +#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 + +static OSSL_OP_cipher_freectx_fn sm4_freectx; +static OSSL_OP_cipher_dupctx_fn sm4_dupctx; + +static void sm4_freectx(void *vctx) +{ +PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx; + +OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *sm4_dupctx(void *ctx) +{ +PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx; +PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + +if (ret == NULL) { +ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); +return NULL; +} +*ret = *in; + +return ret; +} + +/* sm4128ecb_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block) +/* sm4128cbc_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block) +/*
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dso Commit log since last time: 639b53ecd8 Update fuzzing README for recent clang versions a74b2eda2f Fix strict-warnings build 682b6f6747 Fix aes ofb, cfb and cfb8 for s390x 70adc64632 Add SEED ciphers to default provider 9a92bf1bff Refactor TLS1-PRF to create the MAC contexts early 18b0042731 Add cast5 ciphers to default provider fddb1847b1 Change PARAMETER NAMES links to PARAMETERS b1cabee8ce Use PARAMETERS instead of PARAMETER NAMES for the heading for consistency. 4c04e7b1cc Fix links to functions. 54488bd914 Cleanup KDF section 1 documentation. 40526dfd92 Clean up KDF documentation in section 7. 5b5e2985f3 Add support for io_pgetevents_time64 syscall f22431f2cd Add IDEA ciphers to default provider ecae057510 Fix Compiler error/warning for windows icl build 793374c82a Fix Coverity CID:1453685 'unreachable code' in aes_xts code. d5d32e784d crypto/bn/build.info: Correct use of SSE2 definition Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. 
skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. 
ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok
Build completed: openssl master.27840
Build openssl master.27840 completed Commit 05d7455c00 by Robbie Harwood on 9/10/2019 9:46 PM: [KDF] Add KBKDF implementation for counter-mode HMAC
Build failed: openssl master.27839
Build openssl master.27839 failed Commit 77fa01f8ba by Robbie Harwood on 9/10/2019 9:46 PM: [KDF] Add KBKDF implementation for counter-mode HMAC
Still Failing: openssl/openssl#28408 (master - 639b53e)
Build Update for openssl/openssl - Build: #28408 Status: Still Failing Duration: 18 mins and 36 secs Commit: 639b53e (master) Author: Brian Chen Message: Update fuzzing README for recent clang versions Recent clang versions ship with libfuzzer, so there's no need to build libfuzzer yourself. They also have a dedicated -fsanitize=fuzzer-no-link flag and no longer support the sanitize flags described in the fuzzing README. Update it to reflect all this. Fixes #8768. Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx GH: #8891 View the changeset: https://github.com/openssl/openssl/compare/a74b2eda2fcc...639b53ecd826 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586720895?utm_medium=notification_source=email
Still Failing: openssl/openssl#28407 (master - a74b2ed)
Build Update for openssl/openssl - Build: #28407 Status: Still Failing Duration: 21 mins and 36 secs Commit: a74b2ed (master) Author: Patrick Steuer Message: Fix strict-warnings build ..which was broken for s390 due to 1c3ace68. Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9937) View the changeset: https://github.com/openssl/openssl/compare/682b6f67472c...a74b2eda2fcc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586713226?utm_medium=notification_source=email
Still Failing: openssl/openssl#28406 (master - 682b6f6)
Build Update for openssl/openssl - Build: #28406 Status: Still Failing Duration: 25 mins and 18 secs Commit: 682b6f6 (master) Author: Patrick Steuer Message: Fix aes ofb, cfb and cfb8 for s390x ..which was broken since e1178600. Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9939) View the changeset: https://github.com/openssl/openssl/compare/70adc64632dd...682b6f67472c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586711353?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit) from a74b2eda2fcc386e85c6f859729631b0642c4ee6 (commit) - Log - commit 639b53ecd82648fbb66a2ab7dabece7f15a1f730 Author: Brian Chen Date: Tue May 7 04:05:44 2019 -0400 Update fuzzing README for recent clang versions Recent clang versions ship with libfuzzer, so there's no need to build libfuzzer yourself. They also have a dedicated -fsanitize=fuzzer-no-link flag and no longer support the sanitize flags described in the fuzzing README. Update it to reflect all this. Fixes #8768. Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx GH: #8891 --- Summary of changes: fuzz/README.md | 75 +- 1 file changed, 43 insertions(+), 32 deletions(-) diff --git a/fuzz/README.md b/fuzz/README.md index 8e7c48d45e..dadf874691 100644 --- a/fuzz/README.md +++ b/fuzz/README.md 
@@ -3,57 +3,68 @@ LibFuzzer = -Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html). +How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html), +starting from a vanilla+OpenSSH server Ubuntu install. -Starting from a vanilla+OpenSSH server Ubuntu install. +With `clang` from a package manager +--- -Use Chrome's handy recent build of clang. Older versions may also work. +Install `clang`, which [ships with `libfuzzer`](http://llvm.org/docs/LibFuzzer.html#fuzzer-usage) +since version 6.0: -$ sudo apt-get install git -$ mkdir git-work -$ git clone https://chromium.googlesource.com/chromium/src/tools/clang -$ clang/scripts/update.py +$ sudo apt-get install clang -You may want to git pull and re-run the update from time to time. - -Update your path: - -$ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH - -Get and build libFuzzer (there is a git mirror at -https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer): - -$ cd -$ sudo apt-get install subversion -$ mkdir svn-work -$ cd svn-work -$ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer Fuzzer -$ cd Fuzzer -$ clang++ -c -g -O2 -std=c++11 *.cpp -$ ar r libFuzzer.a *.o -$ ranlib libFuzzer.a - -Configure for fuzzing: +Configure `openssl` for fuzzing. For now, you'll still need to pass in the path +to the `libFuzzer` library file while configuring; this is represented as +`$PATH_TO_LIBFUZZER` below. A typical value would be +`/usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a`. 
$ CC=clang ./config enable-fuzz-libfuzzer \ ---with-fuzzer-include=../../svn-work/Fuzzer \ ---with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \ +--with-fuzzer-lib=$PATH_TO_LIBFUZZER \ -DPEDANTIC enable-asan enable-ubsan no-shared \ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ --fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \ -enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \ +-fsanitize=fuzzer-no-link \ +enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ enable-weak-ssl-ciphers enable-rc5 enable-md2 \ enable-ssl3 enable-ssl3-method enable-nextprotoneg \ --debug + +Compile: + $ sudo apt-get install make $ LDCMD=clang++ make -j + +Finally, perform the actual fuzzing: + $ fuzz/helper.py $FUZZER -Where $FUZZER is one of the executables in `fuzz/`. +where $FUZZER is one of the executables in `fuzz/`. If you get a crash, you should find a corresponding input file in `fuzz/corpora/$FUZZER-crash/`. +With `clang` from source/pre-built binaries +--- + +You may also wish to use a pre-built binary from the [LLVM Download +site](http://releases.llvm.org/download.html), or to [build `clang` from +source](https://clang.llvm.org/get_started.html). After adding `clang` to your +path and locating the `libfuzzer` library file, the procedure for configuring +fuzzing is the same, except that you also need to specify +a `--with-fuzzer-include` option, which should be the parent directory of the +prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below. + +$ CC=clang ./config enable-fuzz-libfuzzer \ +--with-fuzzer-include=$PATH_TO_LIBFUZZER_DIR \ +--with-fuzzer-lib=$PATH_TO_LIBFUZZER \ +-DPEDANTIC enable-asan enable-ubsan no-shared \ +-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ +-fsanitize=fuzzer-no-link \ +enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ +enable-weak-ssl-ciphers enable-rc5 enable-md2 \ +enable-ssl3
[openssl] master update
The branch master has been updated via a74b2eda2fcc386e85c6f859729631b0642c4ee6 (commit) from 682b6f67472c22ad2e750c3398d0c49b13c7f5dd (commit) - Log - commit a74b2eda2fcc386e85c6f859729631b0642c4ee6 Author: Patrick Steuer Date: Wed Sep 18 15:46:39 2019 +0200 Fix strict-warnings build ..which was broken for s390 due to 1c3ace68. Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9937) --- Summary of changes: providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc | 5 + 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
index ceb733db59..44c3bf332d 100644
--- a/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
+++ b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc
@@ -97,10 +97,7 @@ static int s390x_aes_gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
 memcpy(tag, kma->t.b, ctx->taglen);
 rc = 1;
 } else {
-if (ctx->taglen < 0)
-rc = 0;
-else
-rc = (CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0);
+rc = (CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0);
 }
 return rc;
 }
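Review bot: In the decrypt branch of s390x_aes_gcm_cipher_final, `ctx->taglen` now reaches CRYPTO_memcmp with no check on its value. The removed `< 0` test was presumably dead because the field is unsigned, so nothing in this branch rejects an unset or zero tag length: a zero length makes the comparison succeed without examining any tag byte, and an oversized sentinel value would read past `kma->t.b`. Unless the caller already guarantees a valid length (not visible here), fold the bound into the comparison, assuming `t.b` is a fixed-size array: `rc = ctx->taglen != 0 && ctx->taglen <= sizeof(kma->t.b) && CRYPTO_memcmp(tag, kma->t.b, ctx->taglen) == 0;`. The function starts outside the hunk.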
[openssl] master update
The branch master has been updated via 682b6f67472c22ad2e750c3398d0c49b13c7f5dd (commit) from 70adc64632dde9359c8c1c23d01ef7f68d51382e (commit) - Log - commit 682b6f67472c22ad2e750c3398d0c49b13c7f5dd Author: Patrick Steuer Date: Wed Sep 18 20:43:02 2019 +0200 Fix aes ofb, cfb and cfb8 for s390x ..which was broken since e1178600. Signed-off-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9939) --- Summary of changes: providers/common/ciphers/cipher_aes_hw_s390x.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/providers/common/ciphers/cipher_aes_hw_s390x.inc b/providers/common/ciphers/cipher_aes_hw_s390x.inc
index cefaa1c583..805fa91e5f 100644
--- a/providers/common/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/common/ciphers/cipher_aes_hw_s390x.inc
@@ -55,7 +55,7 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat,
 {
 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 adat->plat.s390x.fc = S390X_AES_FC(keylen);
 adat->plat.s390x.res = 0;
@@ -114,7 +114,7 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat,
 adat->plat.s390x.fc |= S390X_DECRYPT;
 adat->plat.s390x.res = 0;
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }
@@ -175,7 +175,7 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
 if (!dat->enc)
 adat->plat.s390x.fc |= S390X_DECRYPT;
-memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen);
 memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
 return 1;
 }
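Review bot: The copy into `kmo_kmf.cv` in s390x_aes_ofb128_initkey is now sized by `dat->ivlen`, and nothing visible bounds that length by the size of the destination field; the same applies to the cfb128 and cfb8 hunks. The copy is only safe if ivlen can never exceed the chaining-value buffer, which these hunks do not show. If that invariant is enforced elsewhere, a short comment next to each copy would record it; otherwise make it explicit with `if (dat->ivlen > sizeof(adat->plat.s390x.param.kmo_kmf.cv)) return 0;` before the memcpy. All three functions extend beyond their hunks.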
Still Failing: openssl/openssl#28399 (master - 70adc64)
Build Update for openssl/openssl - Build: #28399 Status: Still Failing Duration: 20 mins and 13 secs Commit: 70adc64 (master) Author: Shane Lontis Message: Add SEED ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9932) View the changeset: https://github.com/openssl/openssl/compare/9a92bf1bffad...70adc64632dd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586509651?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 70adc64632dde9359c8c1c23d01ef7f68d51382e (commit) from 9a92bf1bffad15ede5ac97d1f1705c3e2c249a98 (commit) - Log - commit 70adc64632dde9359c8c1c23d01ef7f68d51382e Author: Shane Lontis Date: Wed Sep 18 22:13:59 2019 +1000 Add SEED ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9932) --- Summary of changes: crypto/evp/evp_enc.c | 4 + providers/common/include/internal/provider_algs.h | 6 + providers/default/ciphers/build.info | 5 + providers/default/ciphers/cipher_seed.c| 49 .../ciphers/{cipher_cast.h => cipher_seed.h} | 16 +- providers/default/ciphers/cipher_seed_hw.c | 36 +++ providers/default/defltprov.c | 6 + test/recipes/30-test_evp.t | 3 + test/recipes/30-test_evp_data/evpciph.txt | 50 test/recipes/30-test_evp_data/evpciph_seed.txt | 313 + 10 files changed, 430 insertions(+), 58 deletions(-) create mode 100644 providers/default/ciphers/cipher_seed.c copy providers/default/ciphers/{cipher_cast.h => cipher_seed.h} (57%) create mode 100644 providers/default/ciphers/cipher_seed_hw.c create mode 100644 test/recipes/30-test_evp_data/evpciph_seed.txt
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 383480b737..4d6001688f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -243,6 +243,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 case NID_cast5_ecb:
 case NID_cast5_cfb64:
 case NID_cast5_ofb64:
+case NID_seed_cbc:
+case NID_seed_ecb:
+case NID_seed_cfb128:
+case NID_seed_ofb128:
 break;
 default:
 goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index 560a967562..d69b9cd4b8 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -134,6 +134,12 @@ extern const OSSL_DISPATCH cast5128cbc_functions[]; extern const OSSL_DISPATCH cast564ofb64_functions[]; extern const OSSL_DISPATCH cast564cfb64_functions[]; #endif /* OPENSSL_NO_CAST */ +#ifndef OPENSSL_NO_SEED +extern const OSSL_DISPATCH seed128ecb_functions[]; +extern const OSSL_DISPATCH seed128cbc_functions[]; +extern const OSSL_DISPATCH seed128ofb128_functions[]; +extern const OSSL_DISPATCH seed128cfb128_functions[]; +#endif /* OPENSSL_NO_SEED */ extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index 05e45553f9..66ef9df68a 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -34,4 +34,9 @@ IF[{- !$disabled{cast} -}] cipher_cast5.c cipher_cast5_hw.c ENDIF +IF[{- !$disabled{seed} -}] + SOURCE[../../../libcrypto]=\ + cipher_seed.c cipher_seed_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_seed.c b/providers/default/ciphers/cipher_seed.c new file mode 100644 index 00..5dfa648c96 --- /dev/null +++ b/providers/default/ciphers/cipher_seed.c 
@@ -0,0 +1,49 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for Seed cipher modes ecb, cbc, ofb, cfb */ + +#include "cipher_seed.h" +#include "internal/provider_algs.h" + +/* TODO (3.0) Figure out what flags are required */ +#define SEED_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 + +static OSSL_OP_cipher_freectx_fn seed_freectx; +static OSSL_OP_cipher_dupctx_fn seed_dupctx; + +static void seed_freectx(void *vctx) +{ +PROV_SEED_CTX *ctx = (PROV_SEED_CTX *)vctx; + +OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *seed_dupctx(void *ctx) +{ +PROV_SEED_CTX *in = (PROV_SEED_CTX *)ctx; +PROV_SEED_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + +if (ret == NULL) { +ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); +return NULL; +} +*ret = *in; + +return ret; +} + +/* seed128ecb_functions */ +IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, SEED_FLAGS, 128, 128, 0, block) +/* seed128cbc_functions */ +IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, SEED_FLAGS, 128, 128, 128, block) +/* seed128ofb128_functions */ +IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, SEED_FLAGS,
Still Failing: openssl/openssl#28398 (master - 9a92bf1)
Build Update for openssl/openssl - Build: #28398 Status: Still Failing Duration: 23 mins and 20 secs Commit: 9a92bf1 (master) Author: Richard Levitte Message: Refactor TLS1-PRF to create the MAC contexts early The TLS1-PRF implementation fetched the digest(s) for the underlying MAC, just to get their names and pass those down to the MAC, which in turn would fetch those same digests again. This change circumvents this by fetching the MAC (or MACs in the MD5-SHA1 special case) and create the MAC contexts for them directly when this PRF receives the relevant parameters, thus only having to pass EVP_MAC_CTX pointers around. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9930) View the changeset: https://github.com/openssl/openssl/compare/18b0042731c7...9a92bf1bffad View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586489956?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: dbcc7b4567 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present 8c95977fbf Fix Solaris aes_hw_t4 compile issue Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. 
skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t . ok
[openssl] master update
The branch master has been updated via 9a92bf1bffad15ede5ac97d1f1705c3e2c249a98 (commit) from 18b0042731c739855cddf1f296b0b5a536ef88a3 (commit) - Log - commit 9a92bf1bffad15ede5ac97d1f1705c3e2c249a98 Author: Richard Levitte Date: Wed Sep 18 11:49:55 2019 +0200 Refactor TLS1-PRF to create the MAC contexts early The TLS1-PRF implementation fetched the digest(s) for the underlying MAC, just to get their names and pass those down to the MAC, which in turn would fetch those same digests again. This change circumvents this by fetching the MAC (or MACs in the MD5-SHA1 special case) and create the MAC contexts for them directly when this PRF receives the relevant parameters, thus only having to pass EVP_MAC_CTX pointers around. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9930) --- Summary of changes: providers/common/kdfs/tls1_prf.c | 138 +++ 1 file changed, 80 insertions(+), 58 deletions(-) diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c index 2c5e24b403..0acdcdf3b8 100644 --- a/providers/common/kdfs/tls1_prf.c +++ b/providers/common/kdfs/tls1_prf.c @@ -68,7 +68,7 @@ static OSSL_OP_kdf_derive_fn kdf_tls1_prf_derive; static OSSL_OP_kdf_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; static OSSL_OP_kdf_set_ctx_params_fn kdf_tls1_prf_set_ctx_params; -static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1, +static int tls1_prf_alg(EVP_MAC_CTX *mdctx, EVP_MAC_CTX *sha1ctx, const unsigned char *sec, size_t slen, const unsigned char *seed, size_t seed_len, unsigned char *out, size_t olen); 
@@ -78,10 +78,12 @@ static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1, /* TLS KDF kdf context structure */ typedef struct { void *provctx; -/* Digest to use for PRF */ -PROV_DIGEST digest; -/* Second digest for the MD5/SHA-1 combined PRF */ -PROV_DIGEST sha1; + +/* MAC context for the main digest */ +EVP_MAC_CTX *P_hash; +/* MAC context for SHA1 for the MD5/SHA-1 combined PRF */ +EVP_MAC_CTX *P_sha1; + /* Secret value to use for PRF */ unsigned char *sec; size_t seclen; @@ -112,8 +114,8 @@ static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; -ossl_prov_digest_reset(>sha1); -ossl_prov_digest_reset(>digest); +EVP_MAC_CTX_free(ctx->P_hash); +EVP_MAC_CTX_free(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -123,9 +125,8 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; -const EVP_MD *md = ossl_prov_digest_md(>digest); -if (md == NULL) { +if (ctx->P_hash == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } 
@@ -137,38 +138,73 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SEED); return 0; } -return tls1_prf_alg(md, ossl_prov_digest_md(>sha1), + +return tls1_prf_alg(ctx->P_hash, ctx->P_sha1, ctx->sec, ctx->seclen, ctx->seed, ctx->seedlen, key, keylen); } +static EVP_MAC_CTX *kdf_tls1_prf_mkmacctx(OPENSSL_CTX *libctx, + const char *mdname, + const OSSL_PARAM params[]) +{ +const OSSL_PARAM *p; +OSSL_PARAM mac_params[5], *mp = mac_params; +const char *properties = NULL; +/* TODO(3.0) rethink "flags", also see hmac.c in providers */ +int mac_flags = EVP_MD_CTX_FLAG_NON_FIPS_ALLOW; +EVP_MAC_CTX *macctx = NULL; + +*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + (char *)mdname, 0); +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ENGINE)) != NULL) +*mp++ = *p; +#endif +if ((p = OSSL_PARAM_locate_const(params, + OSSL_KDF_PARAM_PROPERTIES)) != NULL) { +properties = p->data; +*mp++ = *p; +} +*mp++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FLAGS, _flags); +*mp = OSSL_PARAM_construct_end(); + +/* Implicit fetch */ +{ +EVP_MAC *mac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_HMAC, properties); + +macctx = EVP_MAC_CTX_new(mac); +/* The context holds on to the MAC */ +EVP_MAC_free(mac); +if (macctx == NULL) +goto err; +} + +if
Still Failing: openssl/openssl#28392 (master - 18b0042)
Build Update for openssl/openssl - Build: #28392 Status: Still Failing Duration: 24 mins and 8 secs Commit: 18b0042 (master) Author: Shane Lontis Message: Add cast5 ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9929) View the changeset: https://github.com/openssl/openssl/compare/fddb1847b1d5...18b0042731c7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586443337?utm_medium=notification_source=email
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: dbcc7b4567 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present 8c95977fbf Fix Solaris aes_hw_t4 compile issue Build log ended with (last 100 lines): 40-test_rehash.t ... ok 60-test_x509_check_cert_pkey.t . ok 60-test_x509_dup_cert.t ok 60-test_x509_store.t ... ok 60-test_x509_time.t ok 70-test_asyncio.t .. ok 70-test_bad_dtls.t . ok 70-test_clienthello.t .. ok 70-test_comp.t . skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ... ok 70-test_recordlen.t ok 70-test_renegotiation.t skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ... ok 70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. 
skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t skipped: Test only supported in a shared build 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t .
Still Failing: openssl/openssl#28391 (master - fddb184)
Build Update for openssl/openssl - Build: #28391 Status: Still Failing Duration: 22 mins and 49 secs Commit: fddb184 (master) Author: Pauli Message: Change PARAMETER NAMES links to PARAMETERS Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) View the changeset: https://github.com/openssl/openssl/compare/5b5e2985f355...fddb1847b1d5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586435481?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 18b0042731c739855cddf1f296b0b5a536ef88a3 (commit) from fddb1847b1d53ead95678cbe21004c03c88d506d (commit) - Log - commit 18b0042731c739855cddf1f296b0b5a536ef88a3 Author: Shane Lontis Date: Wed Sep 18 18:55:11 2019 +1000 Add cast5 ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9929) --- Summary of changes: crypto/evp/evp_enc.c | 4 + providers/common/include/internal/provider_algs.h | 6 + providers/default/ciphers/build.info | 5 + .../ciphers/{cipher_idea.h => cipher_cast.h} | 16 +- providers/default/ciphers/cipher_cast5.c | 46 +++ providers/default/ciphers/cipher_cast5_hw.c| 36 ++ providers/default/defltprov.c | 6 + test/recipes/30-test_evp.t | 3 + test/recipes/30-test_evp_data/evpciph_cast5.txt| 385 + 9 files changed, 499 insertions(+), 8 deletions(-) copy providers/default/ciphers/{cipher_idea.h => cipher_cast.h} (56%) create mode 100644 providers/default/ciphers/cipher_cast5.c create mode 100644 providers/default/ciphers/cipher_cast5_hw.c create mode 100644 test/recipes/30-test_evp_data/evpciph_cast5.txt diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index b0eff2d528..383480b737 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -239,6 +239,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_idea_ecb: case NID_idea_cfb64: case NID_idea_ofb64: +case NID_cast5_cbc: +case NID_cast5_ecb: +case NID_cast5_cfb64: +case NID_cast5_ofb64: break; default: goto legacy; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index 9e0a96e9ad..560a967562 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h 
@@ -128,6 +128,12 @@ extern const OSSL_DISPATCH idea128cbc_functions[]; extern const OSSL_DISPATCH idea128ofb64_functions[]; extern const OSSL_DISPATCH idea128cfb64_functions[]; #endif /* OPENSSL_NO_IDEA */ +#ifndef OPENSSL_NO_CAST +extern const OSSL_DISPATCH cast5128ecb_functions[]; +extern const OSSL_DISPATCH cast5128cbc_functions[]; +extern const OSSL_DISPATCH cast564ofb64_functions[]; +extern const OSSL_DISPATCH cast564cfb64_functions[]; +#endif /* OPENSSL_NO_CAST */ extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index 3722215daf..05e45553f9 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -29,4 +29,9 @@ IF[{- !$disabled{idea} -}] cipher_idea.c cipher_idea_hw.c ENDIF +IF[{- !$disabled{cast} -}] + SOURCE[../../../libcrypto]=\ + cipher_cast5.c cipher_cast5_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_idea.h b/providers/default/ciphers/cipher_cast.h similarity index 56% copy from providers/default/ciphers/cipher_idea.h copy to providers/default/ciphers/cipher_cast.h index 8e096bfe9f..279f92216f 100644 --- a/providers/default/ciphers/cipher_idea.h +++ b/providers/default/ciphers/cipher_cast.h 
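Review bot: The four new dispatch-table names in the provider_algs.h hunk are not formed the same way: ECB and CBC are `cast5128ecb_functions` and `cast5128cbc_functions`, while OFB and CFB are `cast564ofb64_functions` and `cast564cfb64_functions`. The IDEA declarations in the context lines just above keep the same leading number in every mode (`idea128ofb64_functions`, `idea128cfb64_functions`), so the `64` after `cast5` reads as if the key size changed with the mode. If the leading number is meant to be the key length, I would rename the two to `cast5128ofb64_functions` and `cast5128cfb64_functions`, here and at their definition and registration, which are outside this hunk.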
@@ -7,18 +7,18 @@ * https://www.openssl.org/source/license.html */ -#include +#include #include "internal/ciphers/ciphercommon.h" -typedef struct prov_idea_ctx_st { +typedef struct prov_cast_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; -IDEA_KEY_SCHEDULE ks; +CAST_KEY ks; } ks; -} PROV_IDEA_CTX; +} PROV_CAST_CTX; -const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_cbc(size_t keybits); -const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_ecb(size_t keybits); -const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_ofb64(size_t keybits); -const PROV_CIPHER_HW *PROV_CIPHER_HW_idea_cfb64(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cbc(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ecb(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ofb64(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cfb64(size_t keybits); diff --git a/providers/default/ciphers/cipher_cast5.c b/providers/default/ciphers/cipher_cast5.c new file mode 100644 index 00..13d48ea091 --- /dev/null +++ b/providers/default/ciphers/cipher_cast5.c @@ -0,0 +1,46 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You
[openssl] master update
The branch master has been updated via fddb1847b1d53ead95678cbe21004c03c88d506d (commit) via b1cabee8ce63e73f0116e501cd0933ace3cdec88 (commit) via 4c04e7b1cc14d98fe79acb647e4ad1cf1b8114b5 (commit) via 54488bd914ee344d55dc75d9df71ce9a5ad3da49 (commit) via 40526dfd92817fd1fdd8e4adc9065c02c7807818 (commit) from 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc (commit) - Log - commit fddb1847b1d53ead95678cbe21004c03c88d506d Author: Pauli Date: Tue Sep 17 08:46:49 2019 +1000 Change PARAMETER NAMES links to PARAMETERS Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) commit b1cabee8ce63e73f0116e501cd0933ace3cdec88 Author: Pauli Date: Tue Sep 17 08:45:38 2019 +1000 Use PARAMETERS instead of PARAMETER NAMES for the heading for consistency. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) commit 4c04e7b1cc14d98fe79acb647e4ad1cf1b8114b5 Author: Pauli Date: Tue Sep 17 08:44:15 2019 +1000 Fix links to functions. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) commit 54488bd914ee344d55dc75d9df71ce9a5ad3da49 Author: Pauli Date: Mon Sep 16 09:07:32 2019 +1000 Cleanup KDF section 1 documentation. Remove reference to EVP_KDF_ctrl_str and replace it with EVP_KDF_CTX_set_params. Add missing links, and specify two extra KDFs. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) commit 40526dfd92817fd1fdd8e4adc9065c02c7807818 Author: Pauli Date: Mon Sep 16 08:59:10 2019 +1000 Clean up KDF documentation in section 7. The EVP_KDF_ctrl function doesn't exist anymore and have been replaced by EVP_KDF_CTX_set_params. The EVP_KDF_new_id function doesn't exist either and EVP_KDF_new should be used instead. 
Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9905) --- Summary of changes: doc/man1/openssl-kdf.pod | 25 ++--- doc/man3/EVP_KDF.pod | 2 +- doc/man3/EVP_MAC.pod | 2 +- doc/man7/EVP_KDF-HKDF.pod | 16 doc/man7/EVP_KDF-PBKDF2.pod | 12 ++-- doc/man7/EVP_KDF-SCRYPT.pod | 14 +++--- doc/man7/EVP_KDF-SS.pod | 12 ++-- doc/man7/EVP_KDF-SSHKDF.pod | 14 +++--- doc/man7/EVP_KDF-TLS1_PRF.pod | 12 ++-- doc/man7/EVP_KDF-X942.pod | 12 ++-- doc/man7/EVP_KDF-X963.pod | 14 +++--- doc/man7/EVP_MAC-BLAKE2.pod | 4 ++-- doc/man7/EVP_MAC-CMAC.pod | 4 ++-- doc/man7/EVP_MAC-GMAC.pod | 4 ++-- doc/man7/EVP_MAC-HMAC.pod | 4 ++-- doc/man7/EVP_MAC-KMAC.pod | 4 ++-- doc/man7/EVP_MAC-Poly1305.pod | 4 ++-- doc/man7/EVP_MAC-Siphash.pod | 4 ++-- 18 files changed, 83 insertions(+), 80 deletions(-) diff --git a/doc/man1/openssl-kdf.pod b/doc/man1/openssl-kdf.pod index a2b0f25d25..2b14eaadc4 100644 --- a/doc/man1/openssl-kdf.pod +++ b/doc/man1/openssl-kdf.pod @@ -42,9 +42,9 @@ Output the derived key in binary form. Uses hexadecimal text format if not speci =item B<-kdfopt> I Passes options to the KDF algorithm. -A comprehensive list of controls can be found in the EVP_KDF_CTX implementation -documentation. -Common control strings used by EVP_KDF_ctrl_str() are: +A comprehensive list of parameters can be found in the EVP_KDF_CTX +implementation documentation. +Common parameter names used by EVP_KDF_CTX_set_params() are: =over 4 @@ -82,7 +82,8 @@ To see the list of supported digests, use the command I. =item I Specifies the name of a supported KDF algorithm which will be used. -The supported algorithms names are TLS1-PRF, HKDF, SSKDF, PBKDF2, SSHKDF and id-scrypt. +The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2, +SSHKDF, X942KDF, X963KDF and id-scrypt. =back @@ -143,14 +144,16 @@ used when building OpenSSL. =head1 SEE ALSO L, -L +L, L, -L -L -L -L -L -L +L, +L, +L, +L, +L, +L, +L, +L =head1 HISTORY 
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 2770c9534f..9b88baad9f 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -138,7 +138,7 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -=head1 PARAMETER NAMES +=head1 PARAMETERS The standard parameter names are: diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 4d819b7544..2ab4c48fbf 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -165,7 +165,7 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given
Build completed: openssl master.27816
Build openssl master.27816 completed Commit d8c0b1462e by Pauli on 9/16/2019 10:46 PM: Change PARAMETER NAMES links to PARAMETERS
Build failed: openssl master.27815
Build openssl master.27815 failed Commit 0aee0fc174 by Richard Levitte on 9/18/2019 6:24 AM: Refactor TLS1-PRF to just pass the digest name and associated params
Still Failing: openssl/openssl#28388 (master - 5b5e298)
Build Update for openssl/openssl - Build: #28388 Status: Still Failing Duration: 27 mins and 36 secs Commit: 5b5e298 (master) Author: Alistair Francis Message: Add support for io_pgetevents_time64 syscall 32-bit architectures that are y2038 safe don't include syscalls that use 32-bit time_t. Instead these architectures have suffixed syscalls that always use a 64-bit time_t. In the case of the io_getevents syscall the syscall has been replaced with the io_pgetevents_time64 syscall instead. This patch changes the io_getevents() function to use the correct syscall based on the avaliable syscalls and the time_t size. We will only use the new 64-bit time_t syscall if the architecture is using a 64-bit time_t. This is to avoid having to deal with 32/64-bit conversions and relying on a 64-bit timespec struct on 32-bit time_t platforms. As of Linux 5.3 there are no 32-bit time_t architectures without __NR_io_getevents. In the future if a 32-bit time_t architecture wants to use the 64-bit syscalls we can handle the conversion. This fixes build failures on 32-bit RISC-V. Signed-off-by: Alistair Francis Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9819) View the changeset: https://github.com/openssl/openssl/compare/f22431f2cd9e...5b5e2985f355 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586398270?utm_medium=notification_source=email
[openssl] master update
The branch master has been updated via 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc (commit) from f22431f2cd9e96cf75fd020c6e5019ff58f710cf (commit) - Log - commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Author: Alistair Francis Date: Thu Aug 29 13:56:21 2019 -0700 Add support for io_pgetevents_time64 syscall 32-bit architectures that are y2038 safe don't include syscalls that use 32-bit time_t. Instead these architectures have suffixed syscalls that always use a 64-bit time_t. In the case of the io_getevents syscall the syscall has been replaced with the io_pgetevents_time64 syscall instead. This patch changes the io_getevents() function to use the correct syscall based on the avaliable syscalls and the time_t size. We will only use the new 64-bit time_t syscall if the architecture is using a 64-bit time_t. This is to avoid having to deal with 32/64-bit conversions and relying on a 64-bit timespec struct on 32-bit time_t platforms. As of Linux 5.3 there are no 32-bit time_t architectures without __NR_io_getevents. In the future if a 32-bit time_t architecture wants to use the 64-bit syscalls we can handle the conversion. This fixes build failures on 32-bit RISC-V. Signed-off-by: Alistair Francis Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9819) --- Summary of changes: engines/e_afalg.c | 16 1 file changed, 16 insertions(+) diff --git a/engines/e_afalg.c b/engines/e_afalg.c index dacbe358cb..99516cb1bb 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c 
@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, struct io_event *events, struct timespec *timeout) { +#if defined(__NR_io_getevents) return syscall(__NR_io_getevents, ctx, min, max, events, timeout); +#elif defined(__NR_io_pgetevents_time64) +/* Let's only support the 64 suffix syscalls for 64-bit time_t. + * This simplifies the code for us as we don't need to use a 64-bit + * version of timespec with a 32-bit time_t and handle converting + * between 64-bit and 32-bit times and check for overflows. + */ +if (sizeof(timeout->tv_sec) == 8) +return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); +else { +errno = ENOSYS; +return -1; +} +#else +# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." +#endif } static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
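Review bot: The `#if defined(__NR_io_getevents)` branch is selected first and does not look at the width of `time_t`, so the `sizeof(timeout->tv_sec) == 8` guard only protects the `__NR_io_pgetevents_time64` path. If a 32-bit target defines both syscall numbers and is built with a 64-bit `time_t` (the platform headers are not visible here, so this is an assumption), the legacy syscall would be handed a `struct timespec` whose layout it does not expect and the timeout would be misread. I would choose the syscall from the timespec width first, using `__NR_io_pgetevents_time64` when it is defined and `tv_sec` is 8 bytes on a 32-bit `long`, and fall back to `__NR_io_getevents` otherwise. The sixth argument also deserves a comment such as `/* no signal mask: NULL for the sigset argument */`, and the `if` arm should take braces to match its `else`.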
Still Failing: openssl/openssl#28383 (master - f22431f)
Build Update for openssl/openssl - Build: #28383 Status: Still Failing Duration: 23 mins and 25 secs Commit: f22431f (master) Author: Shane Lontis Message: Add IDEA ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9917) View the changeset: https://github.com/openssl/openssl/compare/ecae05751039...f22431f2cd9e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586383804?utm_medium=notification_source=email
Still Failing: openssl/openssl#28382 (master - ecae057)
Build Update for openssl/openssl - Build: #28382 Status: Still Failing Duration: 30 mins and 11 secs Commit: ecae057 (master) Author: Shane Lontis Message: Fix Compiler error/warning for windows icl build Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9907) View the changeset: https://github.com/openssl/openssl/compare/793374c82abd...ecae05751039 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/586376877?utm_medium=notification_source=email