[openssl] master update
The branch master has been updated via e1f946630f06c2d3a112022472bb13a1586f599f (commit) via 740582cfaffb26c60c72cdc789b39da5c7ec8c66 (commit) via fccdb61aee9538268e2eecfdc5b1e31327803ee4 (commit) via 5a11de50a41054ed17d4280c39825a2bdaa96b96 (commit) from 0647162f6af7c2e0edb4c770bf501ad7e0302970 (commit) - Log - commit e1f946630f06c2d3a112022472bb13a1586f599f Author: Pauli Date: Sat Feb 27 12:18:15 2021 +1000 test: use the new set public and private together call Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit 740582cfaffb26c60c72cdc789b39da5c7ec8c66 Author: Pauli Date: Sat Feb 27 12:17:57 2021 +1000 test: add utility function to set the fake random callback on both the public and private instances Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit fccdb61aee9538268e2eecfdc5b1e31327803ee4 Author: Pauli Date: Sat Feb 27 11:57:13 2021 +1000 test: update ECDSA and SM2 internal tests in line with the fake_random change Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) commit 5a11de50a41054ed17d4280c39825a2bdaa96b96 Author: Pauli Date: Sat Feb 27 11:55:59 2021 +1000 test: update test_random to create real contexts instead of sharing one Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14341) --- Summary of changes: test/ecdsatest.c| 11 + test/sm2_internal_test.c| 10 +--- test/testutil.h | 9 ++- test/testutil/fake_random.c | 58 ++--- 4 files changed, 66 insertions(+), 22 deletions(-) diff --git a/test/ecdsatest.c b/test/ecdsatest.c index d03eb6f01e..cf09419c94 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -25,18 +25,21 @@ # include "internal/nelem.h" # include "ecdsatest.h" +static fake_random_generate_cb fbytes; + static const char *numbers[2]; static size_t crv_len = 0; static EC_builtin_curve *curves = NULL; static OSSL_PROVIDER *fake_rand = NULL; -static int fbytes(unsigned char *buf, size_t num) +static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name, + EVP_RAND_CTX *ctx) { int ret = 0; static int fbytes_counter = 0; BIGNUM *tmp = NULL; -fake_rand_set_callback(NULL); +fake_rand_set_callback(ctx, NULL); if (!TEST_ptr(tmp = BN_new()) || !TEST_int_lt(fbytes_counter, OSSL_NELEM(numbers)) @@ -114,7 +117,7 @@ static int x9_62_tests(int n) goto err; /* public key must match KAT */ -fake_rand_set_callback(); +fake_rand_set_callback(RAND_get0_private(NULL), ); if (!TEST_true(EC_KEY_generate_key(key)) || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED, , NULL)) @@ -124,7 +127,7 @@ static int x9_62_tests(int n) goto err; /* create the signature via ECDSA_sign_setup to avoid use of ECDSA nonces */ -fake_rand_set_callback(); +fake_rand_set_callback(RAND_get0_private(NULL), ); if (!TEST_true(ECDSA_sign_setup(key, NULL, , )) || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len, kinv, rp, key)) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index aaa337b57b..6b80611dd2 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -28,12 +28,16 @@ # include "crypto/sm2.h" +static fake_random_generate_cb get_faked_bytes; + static OSSL_PROVIDER *fake_rand = NULL; static uint8_t *fake_rand_bytes = NULL; static size_t fake_rand_bytes_offset = 0; static size_t fake_rand_size = 0; -static int get_faked_bytes(unsigned char *buf, size_t num) +static int get_faked_bytes(unsigned char *buf, size_t num, + ossl_unused const char *name, + ossl_unused EVP_RAND_CTX *ctx) { if (!TEST_ptr(fake_rand_bytes) || !TEST_size_t_gt(fake_rand_size, 0)) return 0; @@ -56,14 +60,14 @@ static int start_fake_rand(const char *hex_bytes) return 0; /* use own random function */ -fake_rand_set_callback(get_faked_bytes); +fake_rand_set_public_private_callbacks(NULL, get_faked_bytes); return 1; } static void restore_rand(void) { -fake_rand_set_callback(NULL); +fake_rand_set_public_private_callbacks(NULL, NULL); OPENSSL_free(fake_rand_bytes); fake_rand_bytes = NULL; fake_rand_bytes_offset = 0; diff --git a/test/testutil.h b/test/testutil.h index 93c91a4a41..8457a2a384 100644 ---
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support
[openssl] master update
The branch master has been updated via 0647162f6af7c2e0edb4c770bf501ad7e0302970 (commit) from bed963d58d837c5cbf0707bffe250cafffc64690 (commit) - Log - commit 0647162f6af7c2e0edb4c770bf501ad7e0302970 Author: Richard Levitte Date: Mon Mar 1 12:06:36 2021 +0100 make update Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14352) --- Summary of changes: doc/build.info | 6 ++ 1 file changed, 6 insertions(+) diff --git a/doc/build.info b/doc/build.info index e753b06e12..e53b3d1007 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1594,6 +1594,10 @@ DEPEND[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod GENERATE[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod DEPEND[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod GENERATE[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod +DEPEND[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod +GENERATE[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod +DEPEND[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod +GENERATE[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod DEPEND[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod GENERATE[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod DEPEND[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod @@ -3024,6 +3028,7 @@ html/man3/OSSL_ENCODER_CTX.html \ html/man3/OSSL_ENCODER_CTX_new_for_pkey.html \ html/man3/OSSL_ENCODER_to_bio.html \ html/man3/OSSL_HTTP_REQ_CTX.html \ +html/man3/OSSL_HTTP_parse_url.html \ html/man3/OSSL_HTTP_transfer.html \ html/man3/OSSL_LIB_CTX.html \ html/man3/OSSL_PARAM.html \ @@ -3593,6 +3598,7 @@ man/man3/OSSL_ENCODER_CTX.3 \ man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 \ man/man3/OSSL_ENCODER_to_bio.3 \ man/man3/OSSL_HTTP_REQ_CTX.3 \ +man/man3/OSSL_HTTP_parse_url.3 \ man/man3/OSSL_HTTP_transfer.3 \ man/man3/OSSL_LIB_CTX.3 \ man/man3/OSSL_PARAM.3 \
FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified
[openssl] master update
The branch master has been updated via bed963d58d837c5cbf0707bffe250cafffc64690 (commit) from b0aae913246af1d07e728d24f53f55028f61c696 (commit) - Log - commit bed963d58d837c5cbf0707bffe250cafffc64690 Author: UndefBehavior Date: Fri Feb 26 13:36:08 2021 +0300 Fix build of /dev/crypto engine with no-dynamic-engine option CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/14329) --- Summary of changes: engines/e_devcrypto.c | 1 - 1 file changed, 1 deletion(-) diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index e1c4372f72..76255a978d 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -1361,7 +1361,6 @@ void engine_load_devcrypto_int(void) */ ERR_pop_to_mark(); } -} #else
[openssl] master update
The branch master has been updated via b0aae913246af1d07e728d24f53f55028f61c696 (commit) from d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c (commit) - Log - commit b0aae913246af1d07e728d24f53f55028f61c696 Author: Rich Salz Date: Mon Feb 22 12:55:25 2021 -0500 Remove RSA SSLv23 padding mode Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14248) --- Summary of changes: CHANGES.md | 7 + apps/rsautl.c | 6 +- crypto/evp/ctrl_params_translate.c | 1 - crypto/rsa/build.info | 2 +- crypto/rsa/rsa_local.h | 3 - crypto/rsa/rsa_ossl.c | 11 -- crypto/rsa/rsa_pmeth.c | 2 - crypto/rsa/rsa_ssl.c| 189 doc/man1/openssl-pkeyutl.pod.in | 2 +- doc/man1/openssl-rsautl.pod.in | 10 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/man3/RSA_padding_add_PKCS1_type_1.pod | 11 -- doc/man3/RSA_public_encrypt.pod | 5 - doc/man7/EVP_SIGNATURE-RSA.pod | 2 - doc/man7/provider-asym_cipher.pod | 2 +- include/openssl/core_names.h| 1 - include/openssl/rsa.h | 8 - providers/implementations/asymciphers/rsa_enc.c | 1 - providers/implementations/signature/rsa.c | 4 - test/rsa_test.c | 23 --- util/libcrypto.num | 4 +- 21 files changed, 16 insertions(+), 280 deletions(-) delete mode 100644 crypto/rsa/rsa_ssl.c diff --git a/CHANGES.md b/CHANGES.md index 0bc5f81100..33a335e689 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -77,6 +77,13 @@ OpenSSL 3.0 *Tomáš Mráz* + * Removed RSA padding mode for SSLv23 (which was only used for + SSLv2). This includes the functions RSA_padding_check_SSLv23() and + RSA_padding_add_SSLv23() and the `-ssl` option in the deprecated + `rsautl` command. + + *Rich Salz* + * Deprecated the obsolete X9.31 RSA key generation related functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and BN_X931_generate_prime_ex(). diff --git a/apps/rsautl.c b/apps/rsautl.c index ef0b1f66c7..05b2b189af 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -28,7 +28,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, -OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, +OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, OPT_R_ENUM, OPT_PROV_ENUM @@ -56,7 +56,6 @@ const OPTIONS rsautl_options[] = { OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file"}, -{"ssl", OPT_SSL, '-', "Use SSL v2 padding"}, {"raw", OPT_RSA_RAW, '-', "Use no padding"}, {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, @@ -123,9 +122,6 @@ int rsautl_main(int argc, char **argv) case OPT_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break; -case OPT_SSL: -pad = RSA_SSLV23_PADDING; -break; case OPT_PKCS: pad = RSA_PKCS1_PADDING; break; diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index e0f849d236..ae3340395d 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1186,7 +1186,6 @@ static int fix_rsa_padding_mode(enum state state, { static const OSSL_ITEM str_value_map[] = { { RSA_PKCS1_PADDING,"pkcs1" }, -{ RSA_SSLV23_PADDING, "sslv23" }, { RSA_NO_PADDING, "none" }, { RSA_PKCS1_OAEP_PADDING, "oaep" }, { RSA_PKCS1_OAEP_PADDING, "oeap" }, diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index f0c7668bf2..ad3370db39 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info @@ -7,7 +7,7 @@ $COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \ SOURCE[../../libcrypto]=$COMMON\ rsa_saos.c rsa_err.c rsa_asn1.c rsa_ameth.c rsa_prn.c \ -rsa_pmeth.c rsa_meth.c rsa_mp.c rsa_ssl.c +rsa_pmeth.c rsa_meth.c rsa_mp.c IF[{- !$disabled{'deprecated-0.9.8'} -}] SOURCE[../../libcrypto]=rsa_depr.c ENDIF diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 49a0071031..6d3bc05c14 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -195,9 +195,6 @@ int
[openssl] master update
The branch master has been updated via d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c (commit) via 7932982b88f5095f60397fe727d27ddf7234f4d6 (commit) from e60e974414a7e637ff2f946dc2aa24c381a32cc2 (commit) - Log - commit d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c Author: Dr. David von Oheimb Date: Wed Feb 17 17:24:19 2021 +0100 Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14009) commit 7932982b88f5095f60397fe727d27ddf7234f4d6 Author: Dr. David von Oheimb Date: Thu Jan 28 22:10:47 2021 +0100 OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14009) --- Summary of changes: CHANGES.md | 4 + apps/cmp.c | 3 +- apps/lib/apps.c | 3 +- apps/ocsp.c | 7 +- apps/s_server.c | 10 +- crypto/err/openssl.txt | 2 +- crypto/http/http_client.c| 28 ++--- crypto/http/http_err.c | 4 +- crypto/http/http_lib.c | 260 ++- doc/man1/openssl-cmp.pod.in | 16 ++- doc/man1/openssl-ocsp.pod.in | 2 + doc/man1/openssl-s_server.pod.in | 2 + doc/man3/OSSL_HTTP_parse_url.pod | 83 + doc/man3/OSSL_HTTP_transfer.pod | 57 +++-- include/openssl/http.h | 17 +-- include/openssl/httperr.h| 2 +- include/openssl/ocsp.h.in| 2 +- test/http_test.c | 63 -- util/libcrypto.num | 1 + util/missingcrypto.txt | 1 - 20 files changed, 391 insertions(+), 176 deletions(-) create mode 100644 doc/man3/OSSL_HTTP_parse_url.pod diff --git a/CHANGES.md b/CHANGES.md index 335b492e4f..0bc5f81100 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -119,6 +119,10 @@ OpenSSL 3.0 *Rich Salz and Richard Levitte* + * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`. + + *David von Oheimb* + * Validation of SM2 keys has been separated from the validation of regular EC keys, allowing to improve the SM2 validation process to reject loaded private keys that are not conforming to the SM2 ISO standard. diff --git a/apps/cmp.c b/apps/cmp.c index 5778fd95a7..d04af4177b 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1855,7 +1855,8 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) CMP_err("missing -server option"); goto err; } -if (!OSSL_HTTP_parse_url(opt_server, , , , , )) { +if (!OSSL_HTTP_parse_url(opt_server, , NULL /* user */, , , + , , NULL /* q */, NULL /* frag */)) { CMP_err1("cannot parse -server URL: %s", opt_server); goto err; } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 634bebde42..2a5ec6bb65 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2271,7 +2271,8 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, return NULL; } -if (!OSSL_HTTP_parse_url(url, , , NULL, NULL, _ssl)) +if (!OSSL_HTTP_parse_url(url, _ssl, NULL /* userinfo */, , , + NULL /* port_num, */, NULL, NULL, NULL)) return NULL; if (use_ssl && ssl_ctx == NULL) { ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER, diff --git a/apps/ocsp.c b/apps/ocsp.c index 97f9403ff1..e61774a8a3 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -275,9 +275,10 @@ int ocsp_main(int argc, char **argv) OPENSSL_free(tport); OPENSSL_free(tpath); thost = tport = tpath = NULL; -if (!OSSL_HTTP_parse_url(opt_arg(), - , , NULL, , _ssl)) { -BIO_printf(bio_err, "%s Error parsing URL\n", prog); +if (!OSSL_HTTP_parse_url(opt_arg(), _ssl, NULL /* userinfo */, + , , NULL /* port_num */, + , NULL /* qry */, NULL /* frag */)) { +BIO_printf(bio_err, "%s Error parsing -url argument\n", prog); goto end; } thost = host; diff --git a/apps/s_server.c
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: e60e974414 apps/x509.c: Fix mem leaks in processing of -next_serial in print loop 46a11faf3b apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() 859e5f1621 apps/x509.c: Improve indentation of the large print loop in x509_main() ed0a5ac920 apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently d5a936c5b1 rand: use params argument on instantiate call dbf299f73d core: add params argument to DRBG instantiate call f8a5822cff doc: update documenation with params argument on DRBG instantiate calls 7198bd1a8f test: update tests to allow for params argument for the instantiate call on EVP_RAND_CTXs b98d550d80 prov: update rand implementations to have a params argument for the instantiate call 8d5b197b28 fips: update DRBG KATs for the extra instantiate argument 671ff5c74e evp: add params argument to EVP_RAND_instantiate() 6980e36a2a doc: document additional argument to KDF derive calls f5081be376 prov: add additional argument to KDF derive call in key exchange 6bcd32a43f fips: add additional argument to KDF derive call in self test 36fae6e85a crypto: add additional argument to KDF derive calls bb0ab821f3 apps: add addition argument to KDF derive call 3469b38816 prov: add extra params argument to KDF implementations 5cceedb583 tls: adjust for extra argument to KDF derive call 05cdec396b test: adjust tests to include extra argument to KDF derive call 7c75f2daf8 evp: add param argument to KDF derive call a9603292fb core: add param argument to KDF derive call dc567dc746 doc: update provider-mac documentation to account for the additional init() arguments 9258f7efa7 doc: update KMAC doc to not say that the `KEY\' parameter needs to be set before the init call 7f7640c455 apps: update speed to use the additional arguments to MAC_init afa44486c5 doc: note the additional parameters to EVP_MAC_init() 1dfe97530f update poly1305 to have additional init arguments 80ba2526fa update BLAKE2 to have additional init arguments ac238428ce prov: update kmac to have additional init arguments c23f96f3f6 prov: update hmac to have additional init arguments 0a56b3c2e5 prov: update gmac to have additional init arguments 005b190297 prov: update cmac to have additional init arguments cf5784aa03 prov: use new MAC_init arguments in HMAC-DRBG 91593b3784 prov: use new MAC_init arguments in signature legacy code 19ea8a8a21 prov: update provider util to be less agressive about changing things unnecessarily fbff75caaa fips: update to use the extra MAC init arguments b58e1f7490 core: update to use the extra MAC init arguments 77e4ae58ea test: updates for the new additional MAC_init arguments 41df96efc1 evp_test: updates for the new additional MAC_init arguments 0edb819441 tls: updates for the new additional MAC_init arguments cc2314a9f6 evp: updates for the new additional MAC_init arguments 1dc28e742d crmf: updates for the new additional MAC_init arguments 4a5d8c0cb7 apps: updates for the new additional MAC_init arguments 2211bf6bb7 apps: update mac to work with additional MAC_init arguments. This doesn't include the creation of new 'key' arguments. ebf8274c55 apps: update fipsinstall to work with additional MAC_init arguments 2524ec1ac2 prov kdf: update to use the extra MAC init arguments 8f5d64b102 prov: update SipHash to new init function ae7d90a159 siphash: Add the C and D round parameters for SipHash. 1d73e2adae crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length c8182743a7 PROV: Implement an EC key -> blob encoder, to get the public key 8ab9c4ddc4 Modify i2d_PublicKey() so it can get an EC public key as a blob 3d36472660 test_ecpub: test that we can decode the DER we encoded ad7cb0bf5c test_ecpub: verify returned length after encoding c0ff1932e4 Add test for EC pubkey export/import 4ef70dbcf4 Code cleanup mostly in crypto/x509/v3_purp.c 90b4247cc5 Check ASN1_item_ndef_i2d() return value. d2ccfb9caa evp_pkey_provided_test: Improve diagnostic output 4519ea90eb tests: Always print errors before test verdict db7fbd54cf fuzzer: add ctx gettable/settable to the fuzzer RNG 2e36321aec test: add ctx gettable/settable to the generic fake random number generator e79fb279df core: support modified gettable/settable ctx calls for ciphers fe20a66ed4 changes to match the updated context gettable/settable calls for ciphers 292b4184d6 evp: upport modified gettable/settable ctx calls for ciphers 644c5dd366 prov: upport modified gettable/settable ctx calls for ciphers 35c76a528b evp: support modified gettable/settable ctx calls for MACs 8dd233bb07 doc: changes to match the updated context gettable/settable calls for MACs 5a7134ee10 core: core: support modified gettable/settable ctx calls for MACs eee323c339 prov: support modified
Build failed: openssl master.40304
Build openssl master.40304 failed Commit fc7035b39e by Fangming.Fang on 2/25/2021 8:21 AM: Fix compiling error on arm Configure your notification preferences