Build failed: openssl master.39965

2021-02-17 Thread AppVeyor



Build openssl master.39965 failed


Commit 0919d47e9b by Matt Caswell on 2/17/2021 3:34 PM:

fixup! Test errors from a provider can still be accessed after unload



Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

2021-02-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

adc11e1b9c x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068
b51bed05c2 apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR
d44a8a16c8 apps/ca.c: Make sure ext_ctx structure gets initialized
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
e5ac413b2d Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()
3a962b2093 [doc/man3][OSSL_ENCODER] Move NOTES to the bottom
851b06b705 [doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties
68883d9db8 doc: document the two new RAND functions
335e85f542 rand: update DRBGs to use the get_entropy call for seeding
78436fd146 core: add get_entropy and clear_entropy calls to RAND
e2730b8426 RNG test: add get_entropy hook for testing.
9ed185a926 RNG seed: add get_entropy hook for seeding.
381289f6c7 err: generated error files
79d68c4fb4 test: DRBG test with long seed.
574ca403c8 Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
5b888e931b Fix propquery handling in EVP_DigestSignInit_ex
55e9d8cfff TEST: Add missing initialization
c913dbd716 Update CHANGES and NEWS for new release
c9fb704cf3 Don't overflow the output length in EVP_CipherUpdate calls
c1ddd392cf Fix rsa_test to properly test RSA_SSLV23_PADDING
d9461cbe87 Fix the RSA_SSLV23_PADDING padding type
4357b6174a Refactor rsa_test
55869f594f Test that X509_issuer_and_serial_hash doesn't crash
8130d654d1 Fix Null pointer deref in X509_issuer_and_serial_hash()
c9e955dd50 Do not match RFC 5114 groups without q as it is significant
62829f9f26 README-ENGINES: fix the link to the provider API README
9dc9c7f2d7 Document the newly added function EVP_PKEY_param_check_quick()
0217e53e33 Fix the dhparam_check test
899e25643d Implement EVP_PKEY_param_check_quick() and use it in libssl
aee73562d1 Run DH_check_ex() not DH_check_params_ex() when checking params
93e43f4c47 RSA: avoid dereferencing possibly-NULL parameter in initializers
63ae847679 x509_vfy: remove redundant stack allocation
99c166a1b0 Add docs for ASN1_item_sign and ASN1_item_verify functions

Build log ended with (last 100 lines):

70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... skipped: The PKCS12 command line utility is not supported by this OpenSSL build
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

2021-02-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Build log ended with (last 100 lines):

70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm

2021-02-17 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Build log ended with (last 100 lines):

01-test_test.t . ok
02-test_errstr.t ... ok
02-test_internal_context.t . ok
02-test_internal_ctype.t ... ok
02-test_internal_keymgmt.t . ok
02-test_internal_provider.t  ok
02-test_lhash.t  ok
02-test_ordinals.t . ok
02-test_sparse_array.t . ok
02-test_stack.t  ok
03-test_exdata.t ... ok
03-test_fipsinstall.t .. ok
03-test_internal_asn1.t  ok
03-test_internal_asn1_dsa.t  ok
03-test_internal_bn.t .. ok
03-test_internal_chacha.t .. ok
03-test_internal_curve448.t  ok
03-test_internal_ec.t .. ok
03-test_internal_ffc.t . ok
03-test_internal_mdc2.t  ok
03-test_internal_modes.t ... ok
03-test_internal_namemap.t . ok
03-test_internal_poly1305.t  ok
03-test_internal_rsa_sp800_56b.t ... ok
03-test_internal_siphash.t . ok
03-test_internal_sm2.t . ok
03-test_internal_sm4.t . ok
03-test_internal_ssl_cert_table.t .. ok
03-test_internal_x509.t  ok
03-test_params_api.t ... ok
03-test_property.t . ok
03-test_ui.t ... ok
04-test_asn1_decode.t .. ok
04-test_asn1_encode.t .. ok
04-test_asn1_string_table.t  ok
04-test_bio_callback.t . ok
04-test_bioprint.t . ok
04-test_conf.t . ok
04-test_encoder_decoder.t .. ok
04-test_encoder_decoder_legacy.t ... ok
04-test_err.t .. ok
04-test_hexstring.t  ok
04-test_param_build.t .. ok
04-test_params.t ... ok
04-test_params_conversion.t  ok
04-test_pem.t .. ok
04-test_pem_read_depr.t  ok
04-test_provider.t . ok
04-test_provider_fallback.t  ok
05-test_bf.t ... ok
05-test_cast.t . ok
05-test_cmac.t . ok
05-test_des.t .. ok
05-test_hmac.t . ok
05-test_idea.t . ok
05-test_rand.t . ok
05-test_rc2.t .. ok
05-test_rc4.t .. ok
05-test_rc5.t .. skipped: rc5 is not supported by this OpenSSL build
06-test-rdrand.t ... ok
06-test_algorithmid.t .. ok
10-test_bn.t ... ok
10-test_exp.t .. ok
15-test_dh.t ... ok
15-test_dsa.t 

Build completed: openssl master.39943

2021-02-17 Thread AppVeyor


Build openssl master.39943 completed



Commit 620b29a87f by Shane Lontis on 2/17/2021 7:54 AM:

Fix external symbols in the provider cipher implementations.



[openssl] master update

2021-02-17 Thread dev
The branch master has been updated
   via  adc11e1b9cf12df3c67de165a2b42ac72266cbca (commit)
  from  b51bed05c2ab54a1933b5c18862e68cd4540278c (commit)


- Log -
commit adc11e1b9cf12df3c67de165a2b42ac72266cbca
Author: Dr. David von Oheimb 
Date:   Mon Feb 15 10:24:58 2021 +0100

x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068

Fixes: Variable "sk_untrusted" going out of scope leaks the storage it points to.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14187)

---

Summary of changes:
 crypto/x509/x509_vfy.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4e192abec4..d5c09d28f4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3035,12 +3035,9 @@ static int build_chain(X509_STORE_CTX *ctx)
  * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add
  * them to our working copy of the untrusted certificate stack.
  */
-if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
-if (!X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) 
{
-sk_X509_free(sk_untrusted);
-goto memerr;
-}
-}
+if (DANETLS_ENABLED(dane) && dane->certs != NULL
+&& !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT))
+goto memerr;
 
 /*
  * Still absurdly large, but arithmetically safe, a lower hard upper bound
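Review bot: the merged condition ending in `&& !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT))` no longer frees sk_untrusted itself, so this path is leak-free only if the memerr label does the free. That free is added further down in the same patch, so the two hunks have to stay together if this is ever cherry-picked. It is also worth confirming that every failure of X509_add_certs() here really is an allocation failure, because the path reports ERR_R_MALLOC_FAILURE and X509_V_ERR_OUT_OF_MEM unconditionally.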
@@ -3306,14 +3303,15 @@ static int build_chain(X509_STORE_CTX *ctx)
 }
 
  int_err:
-sk_X509_free(sk_untrusted);
 ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
 ctx->error = X509_V_ERR_UNSPECIFIED;
+sk_X509_free(sk_untrusted);
 return -1;
 
  memerr:
 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
 ctx->error = X509_V_ERR_OUT_OF_MEM;
+sk_X509_free(sk_untrusted);
 return -1;
 }
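Review bot: with `sk_X509_free(sk_untrusted);` now under both int_err and memerr, every `goto` to either label frees the stack, so a jump taken before sk_untrusted is assigned, or after another path has already freed it, becomes a free of an indeterminate pointer or a double free. The declaration is not in the visible context; please confirm it is initialised to NULL and that no remaining call site still frees before jumping, as the lines removed in the first hunk did. The two tails now differ only in the error codes, so a shared cleanup label would keep them from drifting apart again.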
 


[openssl] master update

2021-02-17 Thread beldmit
The branch master has been updated
   via  b51bed05c2ab54a1933b5c18862e68cd4540278c (commit)
   via  d44a8a16c8a2851af7f70575ff3dd23cc06f30e1 (commit)
  from  fe75766c9c2919f649df7b3ad209df2bc5e56dd0 (commit)


- Log -
commit b51bed05c2ab54a1933b5c18862e68cd4540278c
Author: Dr. David von Oheimb 
Date:   Sun Feb 14 20:25:42 2021 +0100

apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR

Also improve doc how the -reqexts option affects the CSR given with the -csr option.

Reviewed-by: David von Oheimb 
Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/14181)

commit d44a8a16c8a2851af7f70575ff3dd23cc06f30e1
Author: Dr. David von Oheimb 
Date:   Sun Feb 14 20:12:38 2021 +0100

apps/ca.c: Make sure ext_ctx structure gets initialized

Fixes #14175

Reviewed-by: David von Oheimb 
Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/14181)

---

Summary of changes:
 apps/ca.c   | 11 +
 apps/cmp.c  | 54 +++--
 doc/man1/openssl-cmp.pod.in |  2 ++
 3 files changed, 37 insertions(+), 30 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 29f62f86f2..dbb4d15eb8 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -863,6 +863,7 @@ end_of_options:
 if (extensions != NULL) {
 /* Check syntax of config file section */
 X509V3_CTX ctx;
+
 X509V3_set_ctx_test();
 X509V3_set_nconf(, conf);
 if (!X509V3_EXT_add_nconf(conf, , extensions, NULL)) {
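Review bot: the only change in this hunk is the blank line after `X509V3_CTX ctx;`, which is unrelated to the ext_ctx initialisation named in the commit subject. Whitespace-only edits like this one (repeated in the next two hunks) are easier to audit, and to skip when backporting, if they go in a separate style commit.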
@@ -1141,6 +1142,7 @@ end_of_options:
 if (crl_ext != NULL) {
 /* Check syntax of file */
 X509V3_CTX ctx;
+
 X509V3_set_ctx_test();
 X509V3_set_nconf(, conf);
 if (!X509V3_EXT_add_nconf(conf, , crl_ext, NULL)) {
@@ -1230,6 +1232,7 @@ end_of_options:
 
 if (crl_ext != NULL || crlnumberfile != NULL) {
 X509V3_CTX crlctx;
+
 X509V3_set_ctx(, x509, NULL, NULL, crl, 0);
 X509V3_set_nconf(, conf);
 
@@ -1697,12 +1700,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 if (!i)
 goto end;
 
+/* Initialize the context structure */
+X509V3_set_ctx(_ctx, selfsign ? ret : x509,
+   ret, req, NULL, X509V3_CTX_REPLACE);
+
 /* Lets add the extensions, if there are any */
 if (ext_sect) {
-/* Initialize the context structure */
-X509V3_set_ctx(_ctx, selfsign ? ret : x509,
-   ret, req, NULL, X509V3_CTX_REPLACE);
-
 if (extfile_conf != NULL) {
 if (verbose)
 BIO_printf(bio_err, "Extra configuration file found\n");
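Review bot: the X509V3_set_ctx() call now runs above `if (ext_sect)`, so the context is set up even when there is no extension section, but the summary of changes lists no test file and nothing exercises do_body() with ext_sect unset. A regression test for the case reported in #14175 would keep this from reappearing. The moved comment "Initialize the context structure" could also say why the call is unconditional, since the reason is not obvious from the code that follows.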
diff --git a/apps/cmp.c b/apps/cmp.c
index 1dbd1f7339..887ec5d22e 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1601,6 +1601,10 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, 
ENGINE *engine)
  */
 static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
 {
+X509_REQ *csr = NULL;
+X509_EXTENSIONS *exts = NULL;
+X509V3_CTX ext_ctx;
+
 if (opt_subject == NULL
 && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL
 && opt_cmd != CMP_RR && opt_cmd != CMP_GENM)
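Review bot: `X509V3_CTX ext_ctx;` is hoisted to function scope without an initialiser, while the two pointers declared next to it are set to NULL. Since the point of the commit is to make sure this structure is initialised, either keep the declaration inside the block where X509V3_set_ctx() is called or give it a defined state at the declaration, so that a later use outside that block cannot read indeterminate contents.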
@@ -1648,30 +1652,41 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE 
*engine)
 return 0;
 }
 
+if (opt_csr != NULL) {
+if (opt_cmd == CMP_GENM) {
+CMP_warn("-csr option is ignored for genm command");
+} else {
+csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr");
+if (csr == NULL)
+return 0;
+if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) {
+X509_REQ_free(csr);
+goto oom;
+}
+}
+}
 if (opt_reqexts != NULL || opt_policies != NULL) {
-X509V3_CTX ext_ctx;
-X509_EXTENSIONS *exts = sk_X509_EXTENSION_new_null();
-
-if (exts == NULL)
-return 0;
-X509V3_set_ctx(_ctx, NULL, NULL, NULL, NULL, 0);
+if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
+goto exts_err;
+X509V3_set_ctx(_ctx, NULL, NULL, csr, NULL, X509V3_CTX_REPLACE);
 X509V3_set_nconf(_ctx, conf);
 if (opt_reqexts != NULL
 && !X509V3_EXT_add_nconf_sk(conf, _ctx, opt_reqexts, )) {
 CMP_err1("cannot load certificate request extension section '%s'",
  opt_reqexts);
-sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-return 0;
+goto exts_err;
 }
 if (opt_policies != NULL
 && !X509V3_EXT_add_nconf_sk(conf, _ctx, opt_policies, )) {
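Review bot: in the new opt_csr block, csr is released only on the OSSL_CMP_CTX_set1_p10CSR() failure path (`X509_REQ_free(csr);` followed by `goto oom;`). It then stays live so that it can be passed to X509V3_set_ctx(), and the visible lines do not show it being freed at exts_err or on the success return. A set1 call by OpenSSL naming convention does not take ownership of its argument, so please check that every exit frees csr. Doing that free once at the labels, rather than before the `goto`, would match how the exts cleanup is now routed through exts_err.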
   

Build failed: openssl master.39942

2021-02-17 Thread AppVeyor



Build openssl master.39942 failed


Commit 60a0d74084 by Jon Spillett on 2/17/2021 7:56 AM:

Add libctx-aware PKCS12 APIs



[openssl] master update

2021-02-17 Thread tomas
The branch master has been updated
   via  fe75766c9c2919f649df7b3ad209df2bc5e56dd0 (commit)
  from  e5ac413b2d3d6bcff57446f06f3d05650921f182 (commit)


- Log -
commit fe75766c9c2919f649df7b3ad209df2bc5e56dd0
Author: Tomas Mraz 
Date:   Thu Feb 11 16:57:37 2021 +0100

Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY

Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/14155)

---

Summary of changes:
 apps/dhparam.c | 22 
 apps/dsa.c |  4 +-
 apps/ec.c  |  6 +--
 apps/ecparam.c |  4 +-
 apps/rsa.c |  6 +--
 crypto/asn1/i2d_evp.c  |  4 +-
 crypto/cms/cms_ec.c|  4 +-
 crypto/encode_decode/decoder_pkey.c| 46 -
 crypto/encode_decode/encoder_pkey.c| 32 ++--
 crypto/evp/evp_pkey.c  |  6 +--
 crypto/evp/p_lib.c |  4 +-
 crypto/pem/pem_all.c   |  2 +-
 crypto/pem/pem_local.h | 58 +++---
 crypto/pem/pem_pk8.c   |  4 +-
 crypto/pem/pem_pkey.c  |  8 +--
 crypto/store/store_result.c|  4 +-
 crypto/x509/x_pubkey.c | 12 ++---
 doc/man3/OSSL_DECODER.pod  |  2 +-
 ..._PKEY.pod => OSSL_DECODER_CTX_new_for_pkey.pod} | 34 ++---
 doc/man3/OSSL_ENCODER.pod  |  2 +-
 ..._PKEY.pod => OSSL_ENCODER_CTX_new_for_pkey.pod} | 29 ---
 doc/man3/d2i_RSAPrivateKey.pod |  4 +-
 include/crypto/decoder.h   |  8 +--
 include/openssl/decoder.h  | 10 ++--
 include/openssl/encoder.h  | 10 ++--
 providers/encoders.inc | 10 ++--
 providers/implementations/storemgmt/file_store.c   | 10 ++--
 ssl/ssl_conf.c |  6 +--
 test/endecode_test.c   | 20 
 test/endecoder_legacy_test.c   | 42 
 test/evp_extra_test.c  |  4 +-
 test/evp_libctx_test.c |  8 +--
 test/evp_pkey_provided_test.c  |  8 +--
 util/libcrypto.num |  4 +-
 34 files changed, 211 insertions(+), 226 deletions(-)
 rename doc/man3/{OSSL_DECODER_CTX_new_by_EVP_PKEY.pod => 
OSSL_DECODER_CTX_new_for_pkey.pod} (84%)
 rename doc/man3/{OSSL_ENCODER_CTX_new_by_EVP_PKEY.pod => 
OSSL_ENCODER_CTX_new_for_pkey.pod} (86%)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 30fdfbbf6e..d3f96e61d2 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -254,14 +254,14 @@ int dhparam_main(int argc, char **argv)
 * We check that we got one of those key types afterwards.
 */
 decoderctx
-= OSSL_DECODER_CTX_new_by_EVP_PKEY(,
-(informat == FORMAT_ASN1)
+= OSSL_DECODER_CTX_new_for_pkey(,
+(informat == FORMAT_ASN1)
 ? "DER" : "PEM",
-NULL,
-(informat == FORMAT_ASN1)
+NULL,
+(informat == FORMAT_ASN1)
 ? keytype : NULL,
-
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
-NULL, NULL);
+
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+NULL, NULL);
 
 if (decoderctx != NULL
 && !OSSL_DECODER_from_bio(decoderctx, in)
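Review bot: this call site is updated for the rename, but the summary of changes shows no CHANGES or NEWS entry and only a 4-line edit to util/libcrypto.num, so OSSL_DECODER_CTX_new_by_EVP_PKEY and OSSL_ENCODER_CTX_new_by_EVP_PKEY appear to be dropped with no compatibility alias. If any published pre-release already exported the old names, a short note for downstream callers would save them a link failure.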
@@ -328,11 +328,11 @@ int dhparam_main(int argc, char **argv)
 
 if (!noout) {
 OSSL_ENCODER_CTX *ectx =
-OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey,
- 
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
- outformat == FORMAT_ASN1
- ? "DER" : "PEM",
- NULL, NULL);
+

[openssl] master update

2021-02-17 Thread Richard Levitte
The branch master has been updated
   via  e5ac413b2d3d6bcff57446f06f3d05650921f182 (commit)
  from  3a962b2093a6226daa26e4d1855d4eb9f2e5035b (commit)


- Log -
commit e5ac413b2d3d6bcff57446f06f3d05650921f182
Author: Richard Levitte 
Date:   Tue Feb 16 01:19:58 2021 +0100

Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()

The OSSL_HTTP_REQ_CTX API has a few changes compared to the older
OCSP_REQ_CTX API which are not quite obvious at first sight.

The old OCSP_REQ_CTX_nbio_d2i() took three arguments, of which one is
an output argument, and returned an int, while the newer
OSSL_HTTP_REQ_CTX_sendreq_d2i() returns the value directly and thereby
takes one less argument.

The mapping from the old to the new wasn't quite right, this corrects
it, along with a couple of X509 macros that needed the same kind of
fix.

Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/14196)

---

Summary of changes:
 include/openssl/ocsp.h.in |  4 ++--
 include/openssl/x509.h.in | 12 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in
index c104b72d8e..3c5de15494 100644
--- a/include/openssl/ocsp.h.in
+++ b/include/openssl/ocsp.h.in
@@ -189,8 +189,8 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
 OSSL_HTTP_REQ_CTX_i2d(r, "application/ocsp-request", i, req)
 #   define OCSP_REQ_CTX_nbio(r) \
 OSSL_HTTP_REQ_CTX_nbio(r)
-#   define OCSP_REQ_CTX_nbio_d2i(r, i) \
-OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)
+#   define OCSP_REQ_CTX_nbio_d2i(r, p, i)\
+((*(p) = OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)) != NULL)
 #   define OCSP_REQ_CTX_get0_mem_bio(r) \
 OSSL_HTTP_REQ_CTX_get0_mem_bio(r)
 #   define OCSP_set_max_response_length(r, l) \
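Review bot: `((*(p) = OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)) != NULL)` can only evaluate to 0 or 1, so a caller of OCSP_REQ_CTX_nbio_d2i() that distinguishes a retry result from a hard failure on a non-blocking BIO now sees both as 0. If callers rely on a separate retry value, this needs a small wrapper function rather than a macro, or the limitation should be stated in the documentation. The macro also stores NULL into `*(p)` on failure and dereferences `p` unconditionally, both of which differ from passing the pointer through to a function.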
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 7fc1558b18..32aea0e0db 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -403,13 +403,13 @@ int X509_NAME_digest(const X509_NAME *data, const EVP_MD 
*type,
  unsigned char *md, unsigned int *len);
 
 X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
-# define X509_http_nbio(rctx, pcert) \
-OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, (ASN1_VALUE **)(pcert), \
-  ASN1_ITEM_rptr(X509))
+# define X509_http_nbio(rctx, pcert)\
+((*(pcert) =\
+  OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509))) != NULL)
 X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int 
timeout);
-# define X509_CRL_http_nbio(rctx, pcrl) \
-OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, (ASN1_VALUE **)(pcrl), \
-  ASN1_ITEM_rptr(X509_CRL))
+# define X509_CRL_http_nbio(rctx, pcrl) \
+((*(pcrl) = \
+  OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509_CRL))) != NULL)
 
 # ifndef OPENSSL_NO_STDIO
 X509 *d2i_X509_fp(FILE *fp, X509 **x509);
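Review bot: in X509_http_nbio and X509_CRL_http_nbio the result of OSSL_HTTP_REQ_CTX_sendreq_d2i() is assigned straight to `*(pcert)` and `*(pcrl)` with no cast, whereas the removed lines cast the output argument to `(ASN1_VALUE **)`. If the function returns a generic ASN1_VALUE pointer, as that removed cast suggests, the assignment to an X509 or X509_CRL pointer is an incompatible-pointer conversion that a strict-warnings build will reject; an explicit cast to the target type inside the macro would avoid that. As with the OCSP macro, the expression yields only 0 or 1 and dereferences its pointer argument without a NULL check.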


[openssl] master update

2021-02-17 Thread nic . tuv
The branch master has been updated
   via  3a962b2093a6226daa26e4d1855d4eb9f2e5035b (commit)
   via  851b06b7055b2ab3eaf82f8989f8729920862b2f (commit)
  from  68883d9db86534176d744c7691ac7565f5def884 (commit)


- Log -
commit 3a962b2093a6226daa26e4d1855d4eb9f2e5035b
Author: Nicola Tuveri 
Date:   Fri Jan 22 18:50:12 2021 +0200

[doc/man3][OSSL_ENCODER] Move NOTES to the bottom

For consistency with `OSSL_DECODER.pod`, and `man-pages(7)`, the `NOTES`
section is moved to the end of the file.

According to `man-pages(7)` the recommended section order is:

> NAME
> SYNOPSIS
> CONFIGURATION  [Normally only in Section 4]
> DESCRIPTION
> OPTIONS[Normally only in Sections 1, 8]
> EXIT STATUS[Normally only in Sections 1, 8]
> RETURN VALUE   [Normally only in Sections 2, 3]
> ERRORS [Typically only in Sections 2, 3]
> ENVIRONMENT
> FILES
> VERSIONS   [Normally only in Sections 2, 3]
> CONFORMING TO
> NOTES
> BUGS
> EXAMPLE
> SEE ALSO

This commit does not attempt to fix the order in all pages but focuses
only on `OSSL_ENCODER` which has a "twin" man page in `OSSL_DECODER`,
making the inconsistent section order quite jarring.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13932)

commit 851b06b7055b2ab3eaf82f8989f8729920862b2f
Author: Nicola Tuveri 
Date:   Fri Jan 22 18:45:07 2021 +0200

[doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties

This commit fixes the DESCRIPTION section of doc/man3/OSSL_ENCODER.pod,
where `OSSL_ENCODER_properties` was incorrectly referred to as
`OSSL_ENCODER_provider`.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/13932)

---

Summary of changes:
 doc/man3/OSSL_ENCODER.pod | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod
index a9da0aaff3..da1aa475dc 100644
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@@ -63,7 +63,7 @@ I, and when the count reaches zero, frees it.
 OSSL_ENCODER_provider() returns the provider of the given
 I.
 
-OSSL_ENCODER_provider() returns the property definition associated
+OSSL_ENCODER_properties() returns the property definition associated
 with the given I.
 
 OSSL_ENCODER_is_a() checks if I is an implementation of an
@@ -87,12 +87,6 @@ OSSL_ENCODER_get_params() attempts to get parameters 
specified
 with an L array I.  Parameters that the
 implementation doesn't recognise should be ignored.
 
-=head1 NOTES
-
-OSSL_ENCODER_fetch() may be called implicitly by other fetching
-functions, using the same library context and properties.
-Any other API that uses keys will typically do this.
-
 =head1 RETURN VALUES
 
 OSSL_ENCODER_fetch() returns a pointer to the key management
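Review bot: the context line kept under RETURN VALUES, "OSSL_ENCODER_fetch() returns a pointer to the key management", reads like text carried over from a key management page and is left unchanged here. Since this patch is already a consistency pass over OSSL_ENCODER.pod, it would be a good place to correct that sentence so it describes the encoder object that the function returns.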
@@ -114,6 +108,12 @@ otherwise 0.
 
 OSSL_ENCODER_number() returns an integer.
 
+=head1 NOTES
+
+OSSL_ENCODER_fetch() may be called implicitly by other fetching
+functions, using the same library context and properties.
+Any other API that uses keys will typically do this.
+
 =head1 SEE ALSO
 
 L, L, L,