Errored: openssl/openssl#35907 (master - 94941ca)

2020-07-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35907
Status: Errored

Duration: 1 hr, 52 mins, and 6 secs
Commit: 94941ca (master)
Author: Miłosz Kaniewski
Message: Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12330)

View the changeset: 
https://github.com/openssl/openssl/compare/69f982679ec0...94941cada254

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/173957634?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.com/account/preferences/unsubscribe?repository=13885459_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.




Errored: openssl/openssl#35905 (master - 69f9826)

2020-07-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35905
Status: Errored

Duration: 1 hr, 48 mins, and 38 secs
Commit: 69f9826 (master)
Author: Pauli
Message: doc: remove reference to the predecessor of SHA-1.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12322)

View the changeset: 
https://github.com/openssl/openssl/compare/0577959ceab4...69f982679ec0

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/173951480?utm_medium=notification_source=email




Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2020-07-01 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

0577959cea Don't forget our provider ctx when resetting
b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 
'sha1 == NULL'
0d8dbb52e3 Add X509_self_signed(), extending and improving documentation and 
tests
4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to 
new X509_verify.pod
0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening 
check_issued()
d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c: 
candidate issuer cert cannot be the same as the subject cert 'x'
da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and 
self-issued X25519 certs
4acd484d55 Make x509 -force_pubkey test case with self-issued cert more 
realistic by adding CA basic constraints, CA key usage, and key IDs to the cert 
and by adding -partial_chain to the verify call that trusts this cert
023697870b Refactor (without semantic changes) 
crypto/x509/{v3_purp.c,x509_vfy.c}
ade08735f9 Improve documentation, layout, and code comments regarding 
self-issued certs etc.
5188d0d55c Fix a typo on the SSL_dup page
9beffaf695 Fix CID-1464802
2c9ba46c90 Force ssl/tls protocol flags to use stream sockets
64fdea12be rand: include the CPU source in a build.
7f791b25eb rand: fix CPU and timer sources.
3121425830 Add --fips-key configuration parameter to fipsinstall application.

Build log ended with (last 100 lines):

65-test_cmp_protect.t .. ok
65-test_cmp_server.t ... ok
65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration

[openssl] OpenSSL_1_1_1-stable update

2020-07-01 Thread kaduk
The branch OpenSSL_1_1_1-stable has been updated
   via  bfbf06c4d29086f1c67ed38324a2c4a9f642d291 (commit)
  from  f924b298125010b998b33abd158ac6a057b2bc9d (commit)


- Log -
commit bfbf06c4d29086f1c67ed38324a2c4a9f642d291
Author: Miłosz Kaniewski 
Date:   Tue Jun 30 21:46:38 2020 +0200

Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12330)

(cherry picked from commit 94941cada25433a7dca35b5b9f8cbb751ab65ab3)

---

Summary of changes:
 ssl/ssl_lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f6a4964ed2..433a537969 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1200,6 +1200,8 @@ void SSL_free(SSL *s)
 OPENSSL_free(s->ext.ocsp.resp);
 OPENSSL_free(s->ext.alpn);
 OPENSSL_free(s->ext.tls13_cookie);
+if (s->clienthello != NULL)
+OPENSSL_free(s->clienthello->pre_proc_exts);
 OPENSSL_free(s->clienthello);
 OPENSSL_free(s->pha_context);
 EVP_MD_CTX_free(s->pha_dgst);
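
Review bot: the backport lands without a regression test; the summary shows only ssl/ssl_lib.c touched, with 2 insertions. The leak depends on a specific sequence (a ClientHello callback returns SSL_CLIENT_HELLO_RETRY and the connection is then torn down), so a test that drives that sequence and calls SSL_free() under the leak checker would keep the stable branch from regressing.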


[openssl] master update

2020-07-01 Thread kaduk
The branch master has been updated
   via  94941cada25433a7dca35b5b9f8cbb751ab65ab3 (commit)
  from  69f982679ec0c8887a4324d8518a33808fee1cd7 (commit)


- Log -
commit 94941cada25433a7dca35b5b9f8cbb751ab65ab3
Author: Miłosz Kaniewski 
Date:   Tue Jun 30 21:46:38 2020 +0200

Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/12330)

---

Summary of changes:
 ssl/ssl_lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fea040289b..dd83f373b2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1217,6 +1217,8 @@ void SSL_free(SSL *s)
 OPENSSL_free(s->ext.ocsp.resp);
 OPENSSL_free(s->ext.alpn);
 OPENSSL_free(s->ext.tls13_cookie);
+if (s->clienthello != NULL)
+OPENSSL_free(s->clienthello->pre_proc_exts);
 OPENSSL_free(s->clienthello);
 OPENSSL_free(s->pha_context);
 EVP_MD_CTX_free(s->pha_dgst);
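
Review bot: with the two added lines pre_proc_exts has two release sites, here in SSL_free() and in tls_early_post_process_client_hello() as the commit message describes, and nothing in the hunk shows which of them clears the pointer afterwards. Please confirm that the early path either sets s->clienthello->pre_proc_exts to NULL or releases s->clienthello itself before SSL_free() can run, otherwise the normal path becomes a double free. A short comment above the new `if` naming the SSL_CLIENT_HELLO_RETRY case would also record why the free is needed here.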


[openssl] OpenSSL_1_1_1-stable update

2020-07-01 Thread Dr . Paul Dale
The branch OpenSSL_1_1_1-stable has been updated
   via  f924b298125010b998b33abd158ac6a057b2bc9d (commit)
  from  0c3d0247a7b16cf10d6d869f34b40aa833b79fd5 (commit)


- Log -
commit f924b298125010b998b33abd158ac6a057b2bc9d
Author: Pauli 
Date:   Tue Jun 30 11:17:20 2020 +1000

doc: remove reference to the predecessor of SHA-1.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12322)

(cherry picked from commit 69f982679ec0c8887a4324d8518a33808fee1cd7)

---

Summary of changes:
 doc/man3/SHA256_Init.pod | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod
index 6a8f2fa0db..52e89e526a 100644
--- a/doc/man3/SHA256_Init.pod
+++ b/doc/man3/SHA256_Init.pod
@@ -75,9 +75,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() 
function above, the
 SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
 B is NULL.
 
-The predecessor of SHA-1, SHA, is also implemented, but it should be
-used only when backward compatibility is required.
-
 =head1 RETURN VALUES
 
 SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
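
Review bot: the commit message does not say why the paragraph before RETURN VALUES is dropped. If the original SHA is no longer implemented, stating that in the message tells readers who relied on the sentence that no backward-compatibility fallback remains; if it is still built, the page loses its only advice to use it solely for backward compatibility.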


[openssl] master update

2020-07-01 Thread Dr . Paul Dale
The branch master has been updated
   via  69f982679ec0c8887a4324d8518a33808fee1cd7 (commit)
  from  0577959ceab4ca2a72a662ed12067da83cdbb3c7 (commit)


- Log -
commit 69f982679ec0c8887a4324d8518a33808fee1cd7
Author: Pauli 
Date:   Tue Jun 30 11:17:20 2020 +1000

doc: remove reference to the predecessor of SHA-1.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/12322)

---

Summary of changes:
 doc/man3/SHA256_Init.pod | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod
index 5aed8fa534..c8ac28de83 100644
--- a/doc/man3/SHA256_Init.pod
+++ b/doc/man3/SHA256_Init.pod
@@ -79,9 +79,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() 
function above, the
 SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
 B is NULL.
 
-The predecessor of SHA-1, SHA, is also implemented, but it should be
-used only when backward compatibility is required.
-
 =head1 RETURN VALUES
 
 SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash


Errored: openssl/openssl#35889 (master - 0577959)

2020-07-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35889
Status: Errored

Duration: 1 hr, 50 mins, and 15 secs
Commit: 0577959 (master)
Author: Matt Caswell
Message: Don't forget our provider ctx when resetting

A number of the KDF reset functions were resetting a little too much

Fixes #12225

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12229)

View the changeset: 
https://github.com/openssl/openssl/compare/b4cb9498c9c7...0577959ceab4

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/173847441?utm_medium=notification_source=email




Errored: openssl/openssl#35882 (master - b4cb949)

2020-07-01 Thread Travis CI
Build Update for openssl/openssl
-

Build: #35882
Status: Errored

Duration: 1 hr, 59 mins, and 1 sec
Commit: b4cb949 (master)
Author: Dr. David von Oheimb
Message: X509v3_cache_extensions(): Improve coding style and doc, fix case 
'sha1 == NULL'

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

View the changeset: 
https://github.com/openssl/openssl/compare/5188d0d55c72...b4cb9498c9c7

View the full build log and details: 
https://travis-ci.com/github/openssl/openssl/builds/173811239?utm_medium=notification_source=email




Build failed: openssl master.35337

2020-07-01 Thread AppVeyor



Build openssl master.35337 failed


Commit 8842db6be9 by Richard Levitte on 7/1/2020 9:36 AM:

fixup! Configure: Check source and build dir equality a little more thoroughly


Configure your notification preferences



[openssl] master update

2020-07-01 Thread Matt Caswell
The branch master has been updated
   via  0577959ceab4ca2a72a662ed12067da83cdbb3c7 (commit)
  from  b4cb9498c9c76877a354316ba4246afbea178c83 (commit)


- Log -
commit 0577959ceab4ca2a72a662ed12067da83cdbb3c7
Author: Matt Caswell 
Date:   Mon Jun 22 11:18:56 2020 +0100

Don't forget our provider ctx when resetting

A number of the KDF reset functions were resetting a little too much

Fixes #12225

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/12229)

---

Summary of changes:
 providers/implementations/kdfs/hkdf.c | 2 ++
 providers/implementations/kdfs/kbkdf.c| 2 ++
 providers/implementations/kdfs/krb5kdf.c  | 2 ++
 providers/implementations/kdfs/pbkdf2.c   | 2 ++
 providers/implementations/kdfs/sshkdf.c   | 2 ++
 providers/implementations/kdfs/sskdf.c| 2 ++
 providers/implementations/kdfs/tls1_prf.c | 2 ++
 providers/implementations/kdfs/x942kdf.c  | 2 ++
 8 files changed, 16 insertions(+)

diff --git a/providers/implementations/kdfs/hkdf.c 
b/providers/implementations/kdfs/hkdf.c
index 77f4f2c8cc..0b1a6e9b7e 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -90,12 +90,14 @@ static void kdf_hkdf_free(void *vctx)
 static void kdf_hkdf_reset(void *vctx)
 {
 KDF_HKDF *ctx = (KDF_HKDF *)vctx;
+void *provctx = ctx->provctx;
 
 ossl_prov_digest_reset(>digest);
 OPENSSL_free(ctx->salt);
 OPENSSL_clear_free(ctx->key, ctx->key_len);
 OPENSSL_cleanse(ctx->info, ctx->info_len);
 memset(ctx, 0, sizeof(*ctx));
+ctx->provctx = provctx;
 }
 
 static size_t kdf_hkdf_size(KDF_HKDF *ctx)
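
Review bot: all 16 added lines are in reset functions under providers/implementations/kdfs and the summary lists no test file. The problem only shows when a context is reset and then used again, so a test that resets each KDF context and derives a second time would cover the `ctx->provctx = provctx;` restore added after the memset() in kdf_hkdf_reset() and its siblings.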
diff --git a/providers/implementations/kdfs/kbkdf.c 
b/providers/implementations/kdfs/kbkdf.c
index 920f0d9af3..f3f3d9a609 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -122,6 +122,7 @@ static void kbkdf_free(void *vctx)
 static void kbkdf_reset(void *vctx)
 {
 KBKDF *ctx = (KBKDF *)vctx;
+void *provctx = ctx->provctx;
 
 EVP_MAC_free_ctx(ctx->ctx_init);
 OPENSSL_clear_free(ctx->context, ctx->context_len);
@@ -129,6 +130,7 @@ static void kbkdf_reset(void *vctx)
 OPENSSL_clear_free(ctx->ki, ctx->ki_len);
 OPENSSL_clear_free(ctx->iv, ctx->iv_len);
 memset(ctx, 0, sizeof(*ctx));
+ctx->provctx = provctx;
 }
 
 /* SP800-108 section 5.1 or section 5.2 depending on mode. */
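
Review bot: restoring provctx after `memset(ctx, 0, sizeof(*ctx));` in kbkdf_reset() is a step that now has to be remembered in every reset function, and any later field that must outlive a reset will hit the same bug. A one-line comment beside `ctx->provctx = provctx;` saying the provider context must survive reset, or a shared helper for the save/clear/restore sequence, would make that intent explicit.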
diff --git a/providers/implementations/kdfs/krb5kdf.c 
b/providers/implementations/kdfs/krb5kdf.c
index 4ae29a24c4..25462f3c1d 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -78,11 +78,13 @@ static void krb5kdf_free(void *vctx)
 static void krb5kdf_reset(void *vctx)
 {
 KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
+void *provctx = ctx->provctx;
 
 ossl_prov_cipher_reset(>cipher);
 OPENSSL_clear_free(ctx->key, ctx->key_len);
 OPENSSL_clear_free(ctx->constant, ctx->constant_len);
 memset(ctx, 0, sizeof(*ctx));
+ctx->provctx = provctx;
 }
 
 static int krb5kdf_set_membuf(unsigned char **dst, size_t *dst_len,
diff --git a/providers/implementations/kdfs/pbkdf2.c 
b/providers/implementations/kdfs/pbkdf2.c
index 6ac0783096..e6956fe155 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -95,8 +95,10 @@ static void kdf_pbkdf2_free(void *vctx)
 static void kdf_pbkdf2_reset(void *vctx)
 {
 KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
+void *provctx = ctx->provctx;
 
 kdf_pbkdf2_cleanup(ctx);
+ctx->provctx = provctx;
 kdf_pbkdf2_init(ctx);
 }
 
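
Review bot: in kdf_pbkdf2_reset() the restore sits between kdf_pbkdf2_cleanup() and kdf_pbkdf2_init(), whereas the other reset functions in this change restore provctx as their last statement. If kdf_pbkdf2_init() reads ctx->provctx the order is load-bearing and worth a comment so that a later tidy-up does not move the assignment below the init call; the body of kdf_pbkdf2_init() is not in the hunk, so this needs checking against the source.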
diff --git a/providers/implementations/kdfs/sshkdf.c 
b/providers/implementations/kdfs/sshkdf.c
index 137299235a..72d7c607dc 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -72,12 +72,14 @@ static void kdf_sshkdf_free(void *vctx)
 static void kdf_sshkdf_reset(void *vctx)
 {
 KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
+void *provctx = ctx->provctx;
 
 ossl_prov_digest_reset(>digest);
 OPENSSL_clear_free(ctx->key, ctx->key_len);
 OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len);
 OPENSSL_clear_free(ctx->session_id, ctx->session_id_len);
 memset(ctx, 0, sizeof(*ctx));
+ctx->provctx = provctx;
 }
 
 static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len,
diff --git a/providers/implementations/kdfs/sskdf.c 
b/providers/implementations/kdfs/sskdf.c
index 48a9e433d8..6d6e3295c8 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -302,6 +302,7 @@ static void *sskdf_new(void *provctx)
 static void sskdf_reset(void *vctx)
 {
 KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+void *provctx = ctx->provctx;
 
 EVP_MAC_free_ctx(ctx->macctx);
 ossl_prov_digest_reset(>digest);
@@ -309,6 +310,7 @@ static 

[openssl] master update

2020-07-01 Thread dev
The branch master has been updated
   via  b4cb9498c9c76877a354316ba4246afbea178c83 (commit)
   via  0d8dbb52e3900fdd096ca1765137958340fb8497 (commit)
   via  4cec750c2f08faa7f7cdfcfa02fc4264d3c2ac95 (commit)
   via  0e7b1383e138ce3fa66c5bd0ea4a9cb35487436c (commit)
   via  d18c7ad66aaaebe10c86127d966f5401bc414d2a (commit)
   via  da1f88bf53f1bb03cc9f198cfe71ef6157549eff (commit)
   via  4acd484d55ac3c86091e42f81479f514d0cf8b17 (commit)
   via  023697870bcd4372a142a606546253d719a81024 (commit)
   via  ade08735f9d0ac85d611c5abee8a1df651bbca13 (commit)
  from  5188d0d55c72138dd1b65521fb73ac31902f0a52 (commit)


- Log -
commit b4cb9498c9c76877a354316ba4246afbea178c83
Author: Dr. David von Oheimb 
Date:   Sat Jun 27 16:16:12 2020 +0200

X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == 
NULL'

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit 0d8dbb52e3900fdd096ca1765137958340fb8497
Author: Dr. David von Oheimb 
Date:   Sat Dec 28 12:33:12 2019 +0100

Add X509_self_signed(), extending and improving documentation and tests

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit 4cec750c2f08faa7f7cdfcfa02fc4264d3c2ac95
Author: Dr. David von Oheimb 
Date:   Sat Jun 27 17:37:34 2020 +0200

Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new 
X509_verify.pod

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit 0e7b1383e138ce3fa66c5bd0ea4a9cb35487436c
Author: Dr. David von Oheimb 
Date:   Tue Dec 24 11:25:15 2019 +0100

Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening 
check_issued()

Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: 
self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix

Fixes #1418

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit d18c7ad66aaaebe10c86127d966f5401bc414d2a
Author: Dr. David von Oheimb 
Date:   Tue Dec 24 10:36:24 2019 +0100

Optimization and safety precaution in find_issuer() of x509_vfy.c:
candidate issuer cert cannot be the same as the subject cert 'x'

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit da1f88bf53f1bb03cc9f198cfe71ef6157549eff
Author: Dr. David von Oheimb 
Date:   Mon Dec 23 20:23:24 2019 +0100

Add four more verify test cases on the self-signed Ed25519 and self-issued 
X25519 certs

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit 4acd484d55ac3c86091e42f81479f514d0cf8b17
Author: Dr. David von Oheimb 
Date:   Mon Dec 23 20:15:49 2019 +0100

Make x509 -force_pubkey test case with self-issued cert more realistic
by adding CA basic constraints, CA key usage, and key IDs to the cert
and by adding -partial_chain to the verify call that trusts this cert

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit 023697870bcd4372a142a606546253d719a81024
Author: Dr. David von Oheimb 
Date:   Mon Dec 23 17:37:17 2019 +0100

Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}

This prepares some corrections and improves readability (coding style).
Among others, it adds the static function check_sig_alg_match() and
the internal functions x509_likely_issued() and x509_signing_allowed().

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

commit ade08735f9d0ac85d611c5abee8a1df651bbca13
Author: Dr. David von Oheimb 
Date:   Mon Dec 23 15:40:47 2019 +0100

Improve documentation, layout, and code comments regarding self-issued 
certs etc.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/10587)

---

Summary of changes:
 apps/verify.c|   2 +-
 apps/x509.c  |  10 +-
 crypto/cmp/cmp_util.c|   8 +-
 crypto/x509/v3_purp.c| 166 ++-
 crypto/x509/x509_local.h |   3 +
 crypto/x509/x509_txt.c   |   7 +-
 crypto/x509/x509_vfy.c   | 163 --
 doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod |   8 +-
 doc/man1/openssl-verify.pod.in   |  10 +-
 doc/man1/openssl.pod |  95 +++--
 

Build completed: openssl master.35335

2020-07-01 Thread AppVeyor


Build openssl master.35335 completed



Commit f0fc2ca547 by Matt Caswell on 7/1/2020 8:30 AM:

Fix a typo in the i2d_TYPE_fp documentation





Build failed: openssl master.35334

2020-07-01 Thread AppVeyor



Build openssl master.35334 failed


Commit 62a11d5b9b by Richard Levitte on 7/1/2020 8:06 AM:

Configure: Check source and build dir equality a little more thoroughly

