Build failed: openssl master.39965
Build openssl master.39965 failed Commit 0919d47e9b by Matt Caswell on 2/17/2021 3:34 PM: fixup! Test errors from a provider can still be accessed after unload
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:
adc11e1b9c x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068
b51bed05c2 apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR
d44a8a16c8 apps/ca.c: Make sure ext_ctx structure gets initialized
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
e5ac413b2d Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()
3a962b2093 [doc/man3][OSSL_ENCODER] Move NOTES to the bottom
851b06b705 [doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties
68883d9db8 doc: document the two new RAND functions
335e85f542 rand: update DRBGs to use the get_entropy call for seeding
78436fd146 core: add get_entropy and clear_entropy calls to RAND
e2730b8426 RNG test: add get_entropy hook for testing.
9ed185a926 RNG seed: add get_entropy hook for seeding.
381289f6c7 err: generated error files
79d68c4fb4 test: DRBG test with long seed.
574ca403c8 Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
5b888e931b Fix propquery handling in EVP_DigestSignInit_ex
55e9d8cfff TEST: Add missing initialization
c913dbd716 Update CHANGES and NEWS for new release
c9fb704cf3 Don't overflow the output length in EVP_CipherUpdate calls
c1ddd392cf Fix rsa_test to properly test RSA_SSLV23_PADDING
d9461cbe87 Fix the RSA_SSLV23_PADDING padding type
4357b6174a Refactor rsa_test
55869f594f Test that X509_issuer_and_serial_hash doesn't crash
8130d654d1 Fix Null pointer deref in X509_issuer_and_serial_hash()
c9e955dd50 Do not match RFC 5114 groups without q as it is significant
62829f9f26 README-ENGINES: fix the link to the provider API README
9dc9c7f2d7 Document the newly added function EVP_PKEY_param_check_quick()
0217e53e33 Fix the dhparam_check test
899e25643d Implement EVP_PKEY_param_check_quick() and use it in libssl
aee73562d1 Run DH_check_ex() not DH_check_params_ex() when checking params
93e43f4c47 RSA: avoid dereferencing possibly-NULL parameter in initializers
63ae847679 x509_vfy: remove redundant stack allocation
99c166a1b0 Add docs for ASN1_item_sign and ASN1_item_verify functions

Build log ended with (last 100 lines):
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Build log ended with (last 100 lines):
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm
Platform and configuration command:
$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Build log ended with (last 100 lines):
Build completed: openssl master.39943
Build openssl master.39943 completed Commit 620b29a87f by Shane Lontis on 2/17/2021 7:54 AM: Fix external symbols in the provider cipher implementations.
[openssl] master update
The branch master has been updated via adc11e1b9cf12df3c67de165a2b42ac72266cbca (commit) from b51bed05c2ab54a1933b5c18862e68cd4540278c (commit) - Log - commit adc11e1b9cf12df3c67de165a2b42ac72266cbca Author: Dr. David von Oheimb Date: Mon Feb 15 10:24:58 2021 +0100 x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068 Fixes: Variable "sk_untrusted" going out of scope leaks the storage it points to. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14187) --- Summary of changes: crypto/x509/x509_vfy.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4e192abec4..d5c09d28f4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -3035,12 +3035,9 @@ static int build_chain(X509_STORE_CTX *ctx) * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add * them to our working copy of the untrusted certificate stack. */ -if (DANETLS_ENABLED(dane) && dane->certs != NULL) { -if (!X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) { -sk_X509_free(sk_untrusted); -goto memerr; -} -} +if (DANETLS_ENABLED(dane) && dane->certs != NULL +&& !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) +goto memerr; /* * Still absurdly large, but arithmetically safe, a lower hard upper bound @@ -3306,14 +3303,15 @@ static int build_chain(X509_STORE_CTX *ctx) } int_err: -sk_X509_free(sk_untrusted); ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ctx->error = X509_V_ERR_UNSPECIFIED; +sk_X509_free(sk_untrusted); return -1; memerr: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; +sk_X509_free(sk_untrusted); return -1; }
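Review bot: in the second hunk of build_chain(), the memerr label now calls sk_X509_free(sk_untrusted) for every path that jumps there, and int_err keeps doing the same after the error-raising lines. That is safe only if each goto to either label happens while sk_untrusted is NULL or still owned by this function (sk_X509_free(NULL) is a no-op), so it is worth confirming that no jump is reachable before sk_untrusted is assigned or after it has already been released elsewhere. Initializing the variable to NULL at its declaration would make that invariant explicit and keep the single-exit cleanup robust against later edits.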
[openssl] master update
The branch master has been updated via b51bed05c2ab54a1933b5c18862e68cd4540278c (commit) via d44a8a16c8a2851af7f70575ff3dd23cc06f30e1 (commit) from fe75766c9c2919f649df7b3ad209df2bc5e56dd0 (commit) - Log - commit b51bed05c2ab54a1933b5c18862e68cd4540278c Author: Dr. David von Oheimb Date: Sun Feb 14 20:25:42 2021 +0100 apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR Also improve doc how the -reqexts option affects the CSR given with the -csr option. Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14181) commit d44a8a16c8a2851af7f70575ff3dd23cc06f30e1 Author: Dr. David von Oheimb Date: Sun Feb 14 20:12:38 2021 +0100 apps/ca.c: Make sure ext_ctx structure gets initialized Fixes #14175 Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14181) --- Summary of changes: apps/ca.c | 11 + apps/cmp.c | 54 +++-- doc/man1/openssl-cmp.pod.in | 2 ++ 3 files changed, 37 insertions(+), 30 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 29f62f86f2..dbb4d15eb8 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -863,6 +863,7 @@ end_of_options: if (extensions != NULL) { /* Check syntax of config file section */ X509V3_CTX ctx; + X509V3_set_ctx_test(); X509V3_set_nconf(, conf); if (!X509V3_EXT_add_nconf(conf, , extensions, NULL)) { @@ -1141,6 +1142,7 @@ end_of_options: if (crl_ext != NULL) { /* Check syntax of file */ X509V3_CTX ctx; + X509V3_set_ctx_test(); X509V3_set_nconf(, conf); if (!X509V3_EXT_add_nconf(conf, , crl_ext, NULL)) { @@ -1230,6 +1232,7 @@ end_of_options: if (crl_ext != NULL || crlnumberfile != NULL) { X509V3_CTX crlctx; + X509V3_set_ctx(, x509, NULL, NULL, crl, 0); X509V3_set_nconf(, conf); 
@@ -1697,12 +1700,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (!i) goto end; +/* Initialize the context structure */ +X509V3_set_ctx(_ctx, selfsign ? ret : x509, + ret, req, NULL, X509V3_CTX_REPLACE); + /* Lets add the extensions, if there are any */ if (ext_sect) { -/* Initialize the context structure */ -X509V3_set_ctx(_ctx, selfsign ? ret : x509, - ret, req, NULL, X509V3_CTX_REPLACE); - if (extfile_conf != NULL) { if (verbose) BIO_printf(bio_err, "Extra configuration file found\n"); diff --git a/apps/cmp.c b/apps/cmp.c index 1dbd1f7339..887ec5d22e 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1601,6 +1601,10 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) */ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { +X509_REQ *csr = NULL; +X509_EXTENSIONS *exts = NULL; +X509V3_CTX ext_ctx; + if (opt_subject == NULL && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) 
@@ -1648,30 +1652,41 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) return 0; } +if (opt_csr != NULL) { +if (opt_cmd == CMP_GENM) { +CMP_warn("-csr option is ignored for genm command"); +} else { +csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR for p10cr"); +if (csr == NULL) +return 0; +if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) { +X509_REQ_free(csr); +goto oom; +} +} +} if (opt_reqexts != NULL || opt_policies != NULL) { -X509V3_CTX ext_ctx; -X509_EXTENSIONS *exts = sk_X509_EXTENSION_new_null(); - -if (exts == NULL) -return 0; -X509V3_set_ctx(_ctx, NULL, NULL, NULL, NULL, 0); +if ((exts = sk_X509_EXTENSION_new_null()) == NULL) +goto exts_err; +X509V3_set_ctx(_ctx, NULL, NULL, csr, NULL, X509V3_CTX_REPLACE); X509V3_set_nconf(_ctx, conf); if (opt_reqexts != NULL && !X509V3_EXT_add_nconf_sk(conf, _ctx, opt_reqexts, )) { CMP_err1("cannot load certificate request extension section '%s'", opt_reqexts); -sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); -return 0; +goto exts_err; } if (opt_policies != NULL && !X509V3_EXT_add_nconf_sk(conf, _ctx, opt_policies, )) {
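Review bot: in setup_request_ctx() in apps/cmp.c, the csr returned by load_csr_autofmt() is released only on the OSSL_CMP_CTX_set1_p10CSR() failure branch in the lines shown. By the set1 naming the context takes its own reference, and the local pointer is then kept for the X509V3_set_ctx() call that now passes csr, so it still needs an X509_REQ_free(csr) on the normal return and behind the exts_err and oom labels, which are cut off here; please confirm all of those exits free it. In the same hunk exts_err becomes reachable with exts == NULL when sk_X509_EXTENSION_new_null() fails, so the cleanup at that label has to tolerate a NULL stack.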
Build failed: openssl master.39942
Build openssl master.39942 failed Commit 60a0d74084 by Jon Spillett on 2/17/2021 7:56 AM: Add libctx-aware PKCS12 APIs
[openssl] master update
The branch master has been updated via fe75766c9c2919f649df7b3ad209df2bc5e56dd0 (commit) from e5ac413b2d3d6bcff57446f06f3d05650921f182 (commit) - Log - commit fe75766c9c2919f649df7b3ad209df2bc5e56dd0 Author: Tomas Mraz Date: Thu Feb 11 16:57:37 2021 +0100 Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY Additional renames done in encoder and decoder implementation to follow the style. Fixes #13622 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14155) --- Summary of changes: apps/dhparam.c | 22 apps/dsa.c | 4 +- apps/ec.c | 6 +-- apps/ecparam.c | 4 +- apps/rsa.c | 6 +-- crypto/asn1/i2d_evp.c | 4 +- crypto/cms/cms_ec.c| 4 +- crypto/encode_decode/decoder_pkey.c| 46 - crypto/encode_decode/encoder_pkey.c| 32 ++-- crypto/evp/evp_pkey.c | 6 +-- crypto/evp/p_lib.c | 4 +- crypto/pem/pem_all.c | 2 +- crypto/pem/pem_local.h | 58 +++--- crypto/pem/pem_pk8.c | 4 +- crypto/pem/pem_pkey.c | 8 +-- crypto/store/store_result.c| 4 +- crypto/x509/x_pubkey.c | 12 ++--- doc/man3/OSSL_DECODER.pod | 2 +- ..._PKEY.pod => OSSL_DECODER_CTX_new_for_pkey.pod} | 34 ++--- doc/man3/OSSL_ENCODER.pod | 2 +- ..._PKEY.pod => OSSL_ENCODER_CTX_new_for_pkey.pod} | 29 --- doc/man3/d2i_RSAPrivateKey.pod | 4 +- include/crypto/decoder.h | 8 +-- include/openssl/decoder.h | 10 ++-- include/openssl/encoder.h | 10 ++-- providers/encoders.inc | 10 ++-- providers/implementations/storemgmt/file_store.c | 10 ++-- ssl/ssl_conf.c | 6 +-- test/endecode_test.c | 20 test/endecoder_legacy_test.c | 42 test/evp_extra_test.c | 4 +- test/evp_libctx_test.c | 8 +-- test/evp_pkey_provided_test.c | 8 +-- util/libcrypto.num | 4 +- 34 files changed, 211 insertions(+), 226 deletions(-) rename doc/man3/{OSSL_DECODER_CTX_new_by_EVP_PKEY.pod => OSSL_DECODER_CTX_new_for_pkey.pod} (84%) rename doc/man3/{OSSL_ENCODER_CTX_new_by_EVP_PKEY.pod => OSSL_ENCODER_CTX_new_for_pkey.pod} (86%) diff --git a/apps/dhparam.c b/apps/dhparam.c index 30fdfbbf6e..d3f96e61d2 100644 
--- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -254,14 +254,14 @@ int dhparam_main(int argc, char **argv) * We check that we got one of those key types afterwards. */ decoderctx -= OSSL_DECODER_CTX_new_by_EVP_PKEY(, -(informat == FORMAT_ASN1) += OSSL_DECODER_CTX_new_for_pkey(, +(informat == FORMAT_ASN1) ? "DER" : "PEM", -NULL, -(informat == FORMAT_ASN1) +NULL, +(informat == FORMAT_ASN1) ? keytype : NULL, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, -NULL, NULL); + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, +NULL, NULL); if (decoderctx != NULL && !OSSL_DECODER_from_bio(decoderctx, in) @@ -328,11 +328,11 @@ int dhparam_main(int argc, char **argv) if (!noout) { OSSL_ENCODER_CTX *ectx = -OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 - ? "DER" : "PEM", - NULL, NULL); +
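Review bot: the file list in the summary touches util/libcrypto.num and both man pages but has no change-log entry for renaming OSSL_DECODER_CTX_new_by_EVP_PKEY and OSSL_ENCODER_CTX_new_by_EVP_PKEY to the ..._new_for_pkey names. Code already written against the old exported names will stop compiling, so a short note naming both the old and the new symbols would help anyone tracking master. In the apps/dhparam.c hunk the argument lines after the renamed call are removed and re-added with the same text, which looks like re-indentation only; that is fine, but keeping such whitespace-only lines to the minimum makes the functional rename easier to audit across the 34 files.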
[openssl] master update
The branch master has been updated via e5ac413b2d3d6bcff57446f06f3d05650921f182 (commit) from 3a962b2093a6226daa26e4d1855d4eb9f2e5035b (commit) - Log - commit e5ac413b2d3d6bcff57446f06f3d05650921f182 Author: Richard Levitte Date: Tue Feb 16 01:19:58 2021 +0100 Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i() The OSSL_HTTP_REQ_CTX API has a few changes compared to the older OCSP_REQ_CTX API which are not quite obvious at first sight. The old OCSP_REQ_CTX_nbio_d2i() took three arguments, of which one is an output argument, and return an int, while the newer OSSL_HTTP_REQ_CTX_sendreq_d2i() returns the value directly and thereby takes one less argument. The mapping from the old to the new wasn't quite right, this corrects it, along with a couple of X509 macros that needed the same kind of fix. Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/14196) --- Summary of changes: include/openssl/ocsp.h.in | 4 ++-- include/openssl/x509.h.in | 12 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index c104b72d8e..3c5de15494 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in @@ -189,8 +189,8 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; OSSL_HTTP_REQ_CTX_i2d(r, "application/ocsp-request", i, req) # define OCSP_REQ_CTX_nbio(r) \ OSSL_HTTP_REQ_CTX_nbio(r) -# define OCSP_REQ_CTX_nbio_d2i(r, i) \ -OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i) +# define OCSP_REQ_CTX_nbio_d2i(r, p, i)\ +((*(p) = OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)) != NULL) # define OCSP_REQ_CTX_get0_mem_bio(r) \ OSSL_HTTP_REQ_CTX_get0_mem_bio(r) # define OCSP_set_max_response_length(r, l) \ diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 7fc1558b18..32aea0e0db 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in 
@@ -403,13 +403,13 @@ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_http_nbio(rctx, pcert) \ -OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, (ASN1_VALUE **)(pcert), \ - ASN1_ITEM_rptr(X509)) +# define X509_http_nbio(rctx, pcert)\ +((*(pcert) =\ + OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509))) != NULL) X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_CRL_http_nbio(rctx, pcrl) \ -OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, (ASN1_VALUE **)(pcrl), \ - ASN1_ITEM_rptr(X509_CRL)) +# define X509_CRL_http_nbio(rctx, pcrl) \ +((*(pcrl) = \ + OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509_CRL))) != NULL) # ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509);
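Review bot: in the x509.h.in hunk, the new X509_http_nbio and X509_CRL_http_nbio macros assign the result of OSSL_HTTP_REQ_CTX_sendreq_d2i() straight into *(pcert) and *(pcrl), whereas the removed lines cast the output pointer to (ASN1_VALUE **). If the function returns a generic ASN1_VALUE *, the assignment needs an explicit cast to the target type to stay warning-free under strict builds. Separately, all three macros, including OCSP_REQ_CTX_nbio_d2i(r, p, i) in ocsp.h.in, now evaluate to a "!= NULL" comparison and so can only yield 0 or 1; if callers of the old int-returning function relied on any further value, for example to tell a retry from a failure on a non-blocking BIO, the documentation should state that this distinction is no longer available through the compatibility macros.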
[openssl] master update
The branch master has been updated via 3a962b2093a6226daa26e4d1855d4eb9f2e5035b (commit) via 851b06b7055b2ab3eaf82f8989f8729920862b2f (commit) from 68883d9db86534176d744c7691ac7565f5def884 (commit) - Log - commit 3a962b2093a6226daa26e4d1855d4eb9f2e5035b Author: Nicola Tuveri Date: Fri Jan 22 18:50:12 2021 +0200 [doc/man3][OSSL_ENCODER] Move NOTES to the bottom For consistency with `OSSL_DECODER.pod`, and `man-pages(7)`, the `NOTES` section is moved at the end of the file. According to `man-pages(7)` the recommended section order is: > NAME > SYNOPSIS > CONFIGURATION [Normally only in Section 4] > DESCRIPTION > OPTIONS[Normally only in Sections 1, 8] > EXIT STATUS[Normally only in Sections 1, 8] > RETURN VALUE [Normally only in Sections 2, 3] > ERRORS [Typically only in Sections 2, 3] > ENVIRONMENT > FILES > VERSIONS [Normally only in Sections 2, 3] > CONFORMING TO > NOTES > BUGS > EXAMPLE > SEE ALSO This commit does not attempt to fix the order in all pages but focuses only on `OSSL_ENCODER` which has a "twin" man page in `OSSL_DECODER`, making the inconsistent section order quite jarring. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13932) commit 851b06b7055b2ab3eaf82f8989f8729920862b2f Author: Nicola Tuveri Date: Fri Jan 22 18:45:07 2021 +0200 [doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties This commit fixes the DECSCRIPTION section of doc/man3/OSSL_ENCODER.pod, where `OSSL_ENCODER_properties` was incorrectly referred to as `OSSL_ENCODER_provider`. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13932) --- Summary of changes: doc/man3/OSSL_ENCODER.pod | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index a9da0aaff3..da1aa475dc 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod 
@@ -63,7 +63,7 @@ I, and when the count reaches zero, frees it. OSSL_ENCODER_provider() returns the provider of the given I. -OSSL_ENCODER_provider() returns the property definition associated +OSSL_ENCODER_properties() returns the property definition associated with the given I. OSSL_ENCODER_is_a() checks if I is an implementation of an @@ -87,12 +87,6 @@ OSSL_ENCODER_get_params() attempts to get parameters specified with an L array I. Parameters that the implementation doesn't recognise should be ignored. -=head1 NOTES - -OSSL_ENCODER_fetch() may be called implicitly by other fetching -functions, using the same library context and properties. -Any other API that uses keys will typically do this. - =head1 RETURN VALUES OSSL_ENCODER_fetch() returns a pointer to the key management @@ -114,6 +108,12 @@ otherwise 0. OSSL_ENCODER_number() returns an integer. +=head1 NOTES + +OSSL_ENCODER_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this. + =head1 SEE ALSO L, L, L,
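Review bot: in the RETURN VALUES context of the last two hunks, the unchanged line "OSSL_ENCODER_fetch() returns a pointer to the key management" reads like a leftover from another man page, the same kind of copy-and-paste slip this change fixes for OSSL_ENCODER_properties(). Since the section is already being reordered around it, it would be worth checking that sentence and correcting it to describe the encoder object in the same commit.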