Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): 70-test_sslcertstatus.t skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t . skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ... 
skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t . skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t . skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t . skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t . skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t . skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # 80-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. 
ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . skipped: Test only supported in a shared build 90-test_gmdiff.t ... ok 90-test_gost.t
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: c8511e8980 Fix formatting error of HISTORY section in some manual pages. 762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac() 18fdebf174 Mention the change of licence in NEWS.md 0966aee5ed Expand the CHANGES entry for SHA1 and libssl f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type() c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider 896dcda18b Non-const accessor to legacy keys c99248ea81 EVP_KDF-KB man page: Fix typo in the example code e5499a3cac Fixup support for io_pgetevents_time64 syscall 4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605 b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608 3e6a0d5738 Reword repeated words. 889ad4ef81 apps/pkcs12: Allow continuing on absent mac 5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import 913f9d5e52 apps/pkcs12: Properly detect MAC setup failure 31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined 9afc6c5431 Fix the check for suitable groups and TLSv1.3 7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type cc57dc9625 Document the change in behaviour of the the low level key getters/setters 8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated b574c6a9ac Cache legacy keys instead of downgrading them ec961f866a Avoid a null pointer deref on a malloc failure e8afd78af6 Add a multi thread test for downgrading keys Build log ended with (last 100 lines): # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. 
# cmp_main:../openssl/apps/cmp.c:2728:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2327:CMP warning: argument of -proxy option is empty string, resetting option # warn_cert_msg:../openssl/apps/cmp.c:694:CMP warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # setup_client_ctx:../openssl/apps/cmp.c:2044:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:2094:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # -- # Looks like you failed 3 tests of 92. not ok 5 - CMP app CLI Mock enrollment # -- # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335. # Looks like you failed 3 tests of 5.80-test_cmp_http.t . Dubious, test returned 3 (wstat 768, 0x300) Failed 3/5 subtests # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . 
ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . skipped: Test only supported in a shared build 90-test_gmdiff.t ... ok 90-test_gost.t . skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t
[openssl] master update
The branch master has been updated via 8f08957674c2015fad72ea240bbff4564b83d518 (commit) via 3c5ce1ce81bfcf84a64c93c74eb40c90a2a49c54 (commit) via 7bbfbc8239b1d9edd36830e08c30f9681baba4c7 (commit) from 3d0b56785aeefd2b5a08a0da99d6a09ae6a494b9 (commit) - Log - commit 8f08957674c2015fad72ea240bbff4564b83d518 Author: Pauli Date: Wed Mar 10 19:37:02 2021 +1000 rename ossl_provider_forall_loaded to ossl_provider_doall_activated Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14489) commit 3c5ce1ce81bfcf84a64c93c74eb40c90a2a49c54 Author: Pauli Date: Wed Mar 10 11:46:00 2021 +1000 doc: describe the return from ossl_provider_forall_loaded() Also correct an incorrect statement about non-activated providers. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14489) commit 7bbfbc8239b1d9edd36830e08c30f9681baba4c7 Author: Pauli Date: Wed Mar 10 11:39:59 2021 +1000 core: modify ossl_provider_forall_loaded() to avoid locking for the callbacks To avoid recursive lock issues, a copy is taken of the provider list and the callbacks are made without holding the store lock. Fixes #14251 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14489) --- Summary of changes: crypto/core_algorithm.c | 2 +- crypto/provider.c | 2 +- crypto/provider_core.c | 85 - doc/internal/man3/ossl_provider_new.pod | 18 --- include/internal/provider.h | 8 ++-- 5 files changed, 59 insertions(+), 56 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 6222c5364d..3fcb2226c7 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -107,7 +107,7 @@ void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, cbdata.data = data; if (provider == NULL) -ossl_provider_forall_loaded(libctx, algorithm_do_this, ); +ossl_provider_doall_activated(libctx, algorithm_do_this, ); else algorithm_do_this(provider, ); } 
diff --git a/crypto/provider.c b/crypto/provider.c index 9c94e4e377..bdff44afb9 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -134,5 +134,5 @@ int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, void *cbdata), void *cbdata) { -return ossl_provider_forall_loaded(ctx, cb, cbdata); +return ossl_provider_doall_activated(ctx, cb, cbdata); } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 9536cb65d1..47eda52224 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -726,36 +726,6 @@ void *ossl_provider_ctx(const OSSL_PROVIDER *prov) return prov->provctx; } - -static int provider_forall_loaded(struct provider_store_st *store, - int *found_activated, - int (*cb)(OSSL_PROVIDER *provider, -void *cbdata), - void *cbdata) -{ -int i; -int ret = 1; -int num_provs; - -num_provs = sk_OSSL_PROVIDER_num(store->providers); - -if (found_activated != NULL) -*found_activated = 0; -for (i = 0; i < num_provs; i++) { -OSSL_PROVIDER *prov = -sk_OSSL_PROVIDER_value(store->providers, i); - -if (prov->flag_activated) { -if (found_activated != NULL) -*found_activated = 1; -if (!(ret = cb(prov, cbdata))) -break; -} -} - -return ret; -} - /* * This function only does something once when store->use_fallbacks == 1, * and then sets store->use_fallbacks = 0, so the second call and so on is @@ -809,13 +779,14 @@ static void provider_activate_fallbacks(struct provider_store_st *store) CRYPTO_THREAD_unlock(store->lock); } -int ossl_provider_forall_loaded(OSSL_LIB_CTX *ctx, -int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), -void *cbdata) +int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, + int (*cb)(OSSL_PROVIDER *provider, +void *cbdata), + void *cbdata) { -int ret = 1; +int ret = 0, i, j; struct provider_store_st *store = get_provider_store(ctx); +STACK_OF(OSSL_PROVIDER) *provs = NULL; #ifndef FIPS_MODULE /* @@ -825,18 +796,46 @@ int ossl_provider_forall_loaded(OSSL_LIB_CTX *ctx, OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); #endif -if (store != NULL) { -
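Review bot: in ossl_provider_doall_activated() in crypto/provider_core.c the default changes from `int ret = 1` to `int ret = 0`, so every non-error exit, including a store with no activated providers, now has to set ret explicitly; the removed provider_forall_loaded() returned 1 when no callback ran, and OSSL_PROVIDER_do_all() passes this value straight back to applications. Since the callbacks are now made on a copied STACK_OF(OSSL_PROVIDER) without holding the store lock, the copy should also hold a reference on each provider for the duration of the walk and release it on every path, otherwise a concurrent unload can free an entry mid-iteration. The rest of the hunk is cut off here, so neither point can be confirmed from the visible lines.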
[openssl] master update
The branch master has been updated via 3d0b56785aeefd2b5a08a0da99d6a09ae6a494b9 (commit) from 8bf611bc7f68ae6480f30e4ef085d141f3a2b884 (commit) - Log - commit 3d0b56785aeefd2b5a08a0da99d6a09ae6a494b9 Author: Matt Caswell Date: Wed Mar 10 10:34:18 2021 + Don't crash if the pkeyopt doesn't have a value All pkeyopt's must have a ":" and a value for the option. Not supplying one can cause a crash Fixes #14494 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14496) --- Summary of changes: apps/lib/apps.c | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 2a5ec6bb65..2938e91620 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1790,17 +1790,21 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) { -int rv; +int rv = 0; char *stmp, *vtmp = NULL; + stmp = OPENSSL_strdup(value); -if (!stmp) +if (stmp == NULL) return -1; vtmp = strchr(stmp, ':'); -if (vtmp) { -*vtmp = 0; -vtmp++; -} +if (vtmp == NULL) +goto err; + +*vtmp = 0; +vtmp++; rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); + + err: OPENSSL_free(stmp); return rv; }
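Review bot: in pkey_ctrl_string() the new missing-':' path leaves through `goto err` with rv still 0, while the OPENSSL_strdup() failure just above returns -1, so the function now has two distinct failure values of its own in addition to whatever EVP_PKEY_CTX_ctrl_str() returns. A comment above the function stating that any value <= 0 is a failure would help callers, and reporting the malformed option (no ':' and value) at this point would tell the user why it was rejected instead of leaving that to a generic error in the caller.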
[openssl] master update
The branch master has been updated via 3d8905f85945d899192b113ae495e99894687c4f (commit) from 0a8e6c1fb77612feba350a67dad3e548300785a7 (commit) - Log - commit 3d8905f85945d899192b113ae495e99894687c4f Author: Rich Salz Date: Thu Feb 18 16:27:08 2021 -0500 Fix error-checking compiles for mutex Fixes: #14229 Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14264) --- Summary of changes: INSTALL.md | 7 +++ crypto/threads_pthread.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 01c360e8d4..d6ef21d20e 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1666,6 +1666,13 @@ most UNIX/Linux systems), and Windows threads. No other threading models are supported. If your platform does not provide pthreads or Windows threads then you should use `Configure` with the `no-threads` option. +For pthreads, all locks are non-recursive. In addition, in a debug build, +the mutex attribute `PTHREAD_MUTEX_ERRORCHECK` is used. If this is not +available on your platform, you might have to add +`-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation. +(On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in +ifdef test cannot be used.) + Notes on shared libraries - diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 3004e1bd2f..e81f3cf1ef 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -55,7 +55,7 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) * We don't use recursive mutexes, but try to catch errors if we do. */ pthread_mutexattr_init(); -# if defined(NDEBUG) && defined(PTHREAD_MUTEX_ERRORCHECK) +# if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) pthread_mutexattr_settype(, PTHREAD_MUTEX_ERRORCHECK); # else pthread_mutexattr_settype(, PTHREAD_MUTEX_NORMAL);
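Review bot: in the crypto/threads_pthread.c hunk the new `# if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK)` makes every debug build depend on PTHREAD_MUTEX_ERRORCHECK, so a platform that lacks it fails to compile until the user finds the INSTALL.md paragraph. The comment directly above ("We don't use recursive mutexes, but try to catch errors if we do.") should name OPENSSL_NO_MUTEX_ERRORCHECK as the opt-out, and since the INSTALL.md text explains that an ifdef test cannot see the enum value, a Configure-time probe would be the place to set it automatically. The return value of pthread_mutexattr_settype() is also ignored in both branches.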
[openssl] master update
The branch master has been updated via 0a8e6c1fb77612feba350a67dad3e548300785a7 (commit) from 92e9359b24660228fa8fbf9129837ce5ab287715 (commit) - Log - commit 0a8e6c1fb77612feba350a67dad3e548300785a7 Author: Anthony Hu Date: Wed Mar 10 11:15:57 2021 -0500 Increase the upper limit on group name length While all the standardized groups would fit within the old limit, with the addition of providers, some might want to experiment with new and unstandardized groups. As such, their names might not fit within the old limit. Define it as GROUP_NAME_BUFFER_LENGTH with value 64. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14502) --- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4d66db9f9d..a389b0feed 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -693,7 +693,7 @@ err: /* TODO(3.0): An arbitrary amount for now. Take another look at this */ # define MAX_GROUPLIST 40 - +# define GROUP_NAME_BUFFER_LENGTH 64 typedef struct { SSL_CTX *ctx; size_t gidcnt; @@ -705,7 +705,7 @@ static int gid_cb(const char *elem, int len, void *arg) gid_cb_st *garg = arg; size_t i; uint16_t gid = 0; -char etmp[20]; +char etmp[GROUP_NAME_BUFFER_LENGTH]; if (elem == NULL) return 0;
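Review bot: in gid_cb() the buffer becomes `char etmp[GROUP_NAME_BUFFER_LENGTH]`, but the length check that guards the copy of `elem` into it lies outside the visible context; it should compare `len` against `sizeof(etmp) - 1` rather than a literal left over from the old `char etmp[20]`, otherwise the larger buffer has no effect. The new `# define GROUP_NAME_BUFFER_LENGTH 64` also replaces the blank line before `typedef struct`; keeping the blank line and adding a one-line comment saying what the constant bounds would match the `MAX_GROUPLIST` definition above it.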
[openssl] master update
The branch master has been updated via 92e9359b24660228fa8fbf9129837ce5ab287715 (commit) via c9d01f4186817612e8afa401951e0968aed83b2e (commit) from 6bbff162f1d72ed52d705c4c146cd3152ef4648c (commit) - Log - commit 92e9359b24660228fa8fbf9129837ce5ab287715 Author: Richard Levitte Date: Tue Mar 9 18:49:06 2021 +0100 TEST: Stop the cleanup in test/recipes/20-test_mac.t Let the files remain to make test forensics easy Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14484) commit c9d01f4186817612e8afa401951e0968aed83b2e Author: Richard Levitte Date: Tue Mar 9 18:23:39 2021 +0100 PROV: use EVP_CIPHER_CTX_set_params() rather than EVP_CIPHER_CTX_ctrl() This is in gmac_final(), where the cipher is known to be fetched. It's more suitable to use OSSL_PARAMs than _ctrl functions, as the latter are expected to become obsolete. Fixes #14359 Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14484) --- Summary of changes: providers/implementations/macs/gmac_prov.c | 7 --- test/recipes/20-test_mac.t | 20 +--- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 14ca948077..1f4047ccd3 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -146,6 +146,7 @@ static int gmac_update(void *vmacctx, const unsigned char *data, static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, size_t outsize) { +OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; struct gmac_data_st *macctx = vmacctx; int hlen = 0; 
@@ -155,10 +156,10 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!EVP_EncryptFinal_ex(macctx->ctx, out, )) return 0; -/* TODO(3.0) Use params */ hlen = gmac_size(); -if (!EVP_CIPHER_CTX_ctrl(macctx->ctx, EVP_CTRL_AEAD_GET_TAG, - hlen, out)) +params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + out, (size_t)hlen); +if (!EVP_CIPHER_CTX_get_params(macctx->ctx, params)) return 0; *outl = hlen; diff --git a/test/recipes/20-test_mac.t b/test/recipes/20-test_mac.t index fac72cfaaf..b6a8078763 100644 --- a/test/recipes/20-test_mac.t +++ b/test/recipes/20-test_mac.t @@ -97,21 +97,26 @@ push @mac_fail_tests, @siphash_fail_tests unless disabled("siphash"); plan tests => (scalar @mac_tests * 2) + scalar @mac_fail_tests; +my $test_count = 0; + foreach (@mac_tests) { +$test_count++; ok(compareline($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}, $_->{err}), $_->{desc}); } foreach (@mac_tests) { +$test_count++; ok(comparefile($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}), $_->{desc}); } foreach (@mac_fail_tests) { +$test_count++; ok(compareline($_->{cmd}, $_->{type}, $_->{input}, $_->{expected}, $_->{err}), $_->{desc}); } # Create a temp input file and save the input data into it, and # then compare the stdout output matches the expected value. sub compareline { -my $tmpfile = 'tmp.bin'; +my $tmpfile = "input-$test_count.bin"; my ($cmdarray_orig, $type, $input, $expect, $err) = @_; my $cmdarray = dclone $cmdarray_orig; if (defined($expect)) { @@ -129,7 +134,7 @@ sub compareline { push @$cmdarray, @other; my @lines = run(app($cmdarray), capture => 1); -unlink $tmpfile; +# Not unlinking $tmpfile if (defined($expect)) { if ($lines[1] =~ m|^\Q${expect}\E\R$|) { 
@@ -162,8 +167,8 @@ sub compareline { # use the '-bin -out ' commandline options to save results out to a file. # Read this file back in and check its output matches the expected value. sub comparefile { -my $tmpfile = 'tmp.bin'; -my $outfile = 'out.bin'; +my $tmpfile = "input-$test_count.bin"; +my $outfile = "output-$test_count.bin"; my ($cmdarray, $type, $input, $expect) = @_; $expect = uc $expect; @@ -178,16 +183,17 @@ sub comparefile { push @$cmdarray, @other; run(app($cmdarray)); -unlink $tmpfile; +# Not unlinking $tmpfile + open(my $out, '<', $outfile) or die "Could not open file"; binmode($out); my $buffer; my $BUFSIZE = 1024; read($out, $buffer, $BUFSIZE) or die "unable to read"; - +# Not unlinking $outfile + my $line = uc unpack("H*", $buffer); close($out); -unlink $outfile; if ($line eq $expect) { return 1;
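Review bot: in gmac_final() the code calls `EVP_CIPHER_CTX_get_params(macctx->ctx, params)` to read OSSL_CIPHER_PARAM_AEAD_TAG, which is the right direction for fetching a tag, but the commit subject says EVP_CIPHER_CTX_set_params(); the message should name the function actually used. In test/recipes/20-test_mac.t, compareline() and comparefile() now build their file names from the file-scoped `$test_count` that the calling loops increment, which is a hidden coupling; passing the counter or the file name as an argument would keep the subs self-contained.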
[web] master update
The branch master has been updated via abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit) from a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) - Log - commit abbb2d45bbd7db0f8733a2ca997300b572d19061 Author: Richard Levitte Date: Thu Mar 11 16:27:33 2021 +0100 Complete the transition changelog.txt -> changelog.md Almost a year ago, in 4b0220368e888aab29972537aff8602a45b724e9, changelog.txt was renamed to changelog.md. It seems, however, that we didn't make that change complete. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/224) --- Summary of changes: .gitignore | 2 +- Makefile | 2 +- news/changelog.html.tt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 83f4641..e2cf52a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,7 @@ docs/fips.inc docs/man*/ news/changelog.html news/changelog.inc -news/changelog.txt +news/changelog.md news/cl*.txt news/newsflash.inc news/openssl-*-notes.html diff --git a/Makefile b/Makefile index 4b1bd1f..741be51 100644 --- a/Makefile +++ b/Makefile @@ -218,7 +218,7 @@ news/$(1): $(CHECKOUTS)/$(2) cp $$? $$@ endef -# Create the target 'news/changelog.txt', taking the source from +# Create the target 'news/changelog.md', taking the source from # $(CHECKOUTS)/openssl/CHANGES.md $(eval $(call mknews_changelogtxt,changelog.md,openssl/CHANGES.md)) diff --git a/news/changelog.html.tt b/news/changelog.html.tt index 95097b7..2b7a510 100644 --- a/news/changelog.html.tt +++ b/news/changelog.html.tt @@ -22,8 +22,8 @@ This is the changelog for the master branch, the one that is currently in active development. - The plain-text version of this document is available - here: changelog.txt + The plain-text / markdown version of this document is available + here: changelog.md For other branches, the changelogs are distributed with
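Review bot: in the Makefile hunk only the comment is updated; the macro invoked on the following line is still named `mknews_changelogtxt` although it now produces changelog.md, so the rename remains incomplete there. Renaming the macro together with its definition would finish the transition the commit message describes, and the `news/cl*.txt` pattern left in .gitignore is worth checking for the same reason.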
[openssl] master update
The branch master has been updated via 6bbff162f1d72ed52d705c4c146cd3152ef4648c (commit) from e66682a838a60351cf112830dee263862a1f9d10 (commit) - Log - commit 6bbff162f1d72ed52d705c4c146cd3152ef4648c Author: Dr. David von Oheimb Date: Tue Mar 9 13:32:43 2021 +0100 openssl-cmp.pod.in and apps/cmp.c: Various minor do improvements Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14493) --- Summary of changes: apps/cmp.c | 18 doc/man1/openssl-cmp.pod.in | 109 +--- 2 files changed, 63 insertions(+), 64 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 40815930cf..519e0bc2a5 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -71,6 +71,7 @@ static char server_port[32] = { '\0' }; static char *opt_path = NULL; static char *opt_proxy = NULL; static char *opt_no_proxy = NULL; +static char *opt_recipient = NULL; static int opt_msg_timeout = -1; static int opt_total_timeout = -1; @@ -78,7 +79,6 @@ static int opt_total_timeout = -1; static char *opt_trusted = NULL; static char *opt_untrusted = NULL; static char *opt_srvcert = NULL; -static char *opt_recipient = NULL; static char *opt_expect_sender = NULL; static int opt_ignore_keyusage = 0; static int opt_unprotected_errors = 0; @@ -204,10 +204,11 @@ typedef enum OPTION_choice { OPT_OLDCERT, OPT_REVREASON, OPT_SERVER, OPT_PATH, OPT_PROXY, OPT_NO_PROXY, +OPT_RECIPIENT, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, -OPT_RECIPIENT, OPT_EXPECT_SENDER, +OPT_EXPECT_SENDER, OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, OPT_EXTRACERTSOUT, OPT_CACERTSOUT, 
@@ -340,6 +341,8 @@ const OPTIONS cmp_options[] = { "List of addresses of servers not to use HTTP(S) proxy for"}, {OPT_MORE_STR, 0, 0, "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, +{"recipient", OPT_RECIPIENT, 's', + "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, {"msg_timeout", OPT_MSG_TIMEOUT, 'n', "Timeout per CMP message round trip (or 0 for none). Default 120 seconds"}, {"total_timeout", OPT_TOTAL_TIMEOUT, 'n', @@ -353,8 +356,6 @@ const OPTIONS cmp_options[] = { "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"}, {"srvcert", OPT_SRVCERT, 's', "Server cert to pin and trust directly when verifying signed CMP responses"}, -{"recipient", OPT_RECIPIENT, 's', - "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, {"expect_sender", OPT_EXPECT_SENDER, 's', "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', @@ -527,10 +528,11 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {_oldcert}, {(char **)_revreason}, {_server}, {_path}, {_proxy}, {_no_proxy}, +{_recipient}, {(char **)_msg_timeout}, {(char **)_total_timeout}, {_trusted}, {_untrusted}, {_srvcert}, -{_recipient}, {_expect_sender}, +{_expect_sender}, {(char **)_ignore_keyusage}, {(char **)_unprotected_errors}, {_extracertsout}, {_cacertsout}, @@ -2375,6 +2377,9 @@ static int get_opts(int argc, char **argv) case OPT_PATH: opt_path = opt_str("path"); break; +case OPT_RECIPIENT: +opt_recipient = opt_str("recipient"); +break; case OPT_MSG_TIMEOUT: if ((opt_msg_timeout = opt_nat()) < 0) goto opthelp; @@ -2444,9 +2449,6 @@ static int get_opts(int argc, char **argv) case OPT_SRVCERT: opt_srvcert = opt_str("srvcert"); break; -case OPT_RECIPIENT: -opt_recipient = opt_str("recipient"); -break; case OPT_EXPECT_SENDER: opt_expect_sender = opt_str("expect_sender"); break; 
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 5d09557e04..f449cb6630 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -15,7 +15,7 @@ B B Generic message options: -[B<-cmd> I] +[B<-cmd> I] [B<-infotype> I] [B<-geninfo> I] @@ -51,22 +51,22 @@ Message transfer options: [B<-path> I] [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] +[B<-recipient> I] [B<-msg_timeout> I] [B<-total_timeout> I] Server authentication options: [B<-trusted> I|I] -[B<-untrusted> I] +[B<-untrusted> I|I] [B<-srvcert> I|I] -[B<-recipient> I] [B<-expect_sender> I] [B<-ignore_keyusage>] [B<-unprotected_errors>] [B<-extracertsout> I] [B<-cacertsout> I] -Client authentication options: +Client authentication and
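Review bot: moving -recipient requires the same reordering in OPTION_choice, cmp_options[], cmp_vars[] and the get_opts() switch, and the only guard is the comment "must be in same order as enumerated above!" on cmp_vars[]. A mismatch between the enum and cmp_vars[] would pair an option with the wrong variable without any diagnostic, so a build-time or startup check that the two tables have the same entries in the same order would make edits like this one safer.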
[web] master update
The branch master has been updated via a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) from 534023923c6dc5b0d26ea9a1fd28456f80afd311 (commit) - Log - commit a12160447e27f7fd9dd1d84441d527de2545a4a8 Author: Matt Caswell Date: Thu Mar 11 13:55:44 2021 + Update newsflash for the 3.0 alpha13 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/223) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 89e7ae8..1bbcaf2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes 28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it
[openssl] openssl-3.0.0-alpha13 create
The annotated tag openssl-3.0.0-alpha13 has been created at 534f796a081450da2bcab4d889dacef51cf13c3a (tag) tagging 88df2c0b3d6162971304c06a240deb9320c9ae67 (commit) replaces openssl-3.0.0-alpha12 tagged by Matt Caswell on Thu Mar 11 13:47:13 2021 + - Log - OpenSSL 3.0.0-alpha13 release tag Alistair Francis (1): Fixup support for io_pgetevents_time64 syscall Armin Fuerst (1): fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined Arthur Gautier (1): EVP_KDF-KB man page: Fix typo in the example code Benjamin Kaduk (5): Remove disabled TLS 1.3 ciphers from the SSL(_CTX) Check ASN1_item_ndef_i2d() return value. Add test for EC pubkey export/import test_ecpub: verify returned length after encoding test_ecpub: test that we can decode the DER we encoded Chenglong Zhang (1): Fix speed sm2 bug Daniel Bevenius (1): Fix typo in comment in DH_set0_pqg function Dmitry Belyavskiy (2): Restore GOST macros compatibility with 1.1.1 Non-const accessor to legacy keys Dr. 
David von Oheimb (24): Add internal X509_add_certs_new(), which simplifies matters Rename internal X509_add_cert_new() to ossl_x509_add_cert_new() 81-test_cmp_cli_data: fixup on CSR test cases CMP: Fix total_timeout behavior; small doc and diagnostic improvements Handle NULL result of ERR_reason_error_string() in some apps Code cleanup mostly in crypto/x509/v3_purp.c apps/x509.c: Fix too eager call to X509_set_issuer_name() introduced recently apps/x509.c: Improve indentation of the large print loop in x509_main() apps/x509.c: Improve print_name() and coding style of large print loop in x509_main() apps/x509.c: Fix mem leaks in processing of -next_serial in print loop OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() CMP: On NULL-DN subject or issuer input omit field in cert template openssl-cmp.pod.in: replace the term 'verify' by the more correct 'validate' OSSL_STORE: restore diagnostics on decrypt error; provide password hints crypto/ocsp/ocsp_cl.c: coding style improvements OCSP_resp_find_status.pod: Complete the RETURN VALUES section Make more use of X509_add_certs(); minor related code & comments cleanup Simplify OCSP_sendreq_bio() http_local.h: Remove unused declaration of HTTP_sendreq_bio() HTTP: Fix BIO_mem_d2i() on NULL mem input apps/x509.c: Rename -signkey to -key for consistency with the req app http_test.c: Fix minor Coverity issue CID 1473608 cmp_hdr.c: Fix minor Coverity issue CID 1473605 Fangming.Fang (1): Fix compiling error on arm Georg Höllrigl (1): rfc2606 compliant example domains for x509v3_config.pod John Baldwin (1): Correct the return value of BIO_get_ktls_*(). 
Mark (1): Fix filename escaping in c_rehash Matt Caswell (27): Prepare for 3.0 alpha 13 Don't forget the type of thing we are loading Pass the object type and data structure from the pem2der decoder Suppress errors about undocumented asn1_d2i_read_bio Document OPENSSL_LH_flush() Add documentation for the macro OPENSSL_VERSION_PREREQ Document the OSSL_PARAM_DEFN macro Note that the OSSL_CORE_MAKE_FUNC macro is reserved Fix no-tests on mingw Duplicate the file and func error strings Test errors from a provider can still be accessed after unload Don't hold a lock when calling a callback in ossl_namemap_doall_names Add a test for a names_do_all function Fix a copy error in evp_extra_test Add a multi thread test for downgrading keys Avoid a null pointer deref on a malloc failure Cache legacy keys instead of downgrading them Ensure the various legacy key EVP_PKEY getters/setters are deprecated Document the change in behaviour of the the low level key getters/setters Make the EVP_PKEY_get0* functions have a const return type Fix the check for suitable groups and TLSv1.3 Add a missing CHANGES.md entry for the legacy provider Add a CHANGES for OSSL_STORE_INFO_get_type() Expand the CHANGES entry for SHA1 and libssl Mention the change of licence in NEWS.md Update copyright
[openssl] master update
The branch master has been updated via e66682a838a60351cf112830dee263862a1f9d10 (commit) via 88df2c0b3d6162971304c06a240deb9320c9ae67 (commit) from 8020d79b4033400d0ef659a361c05b6902944042 (commit) - Log - commit e66682a838a60351cf112830dee263862a1f9d10 Author: Matt Caswell Date: Thu Mar 11 13:47:21 2021 + Prepare for 3.0 alpha 14 Reviewed-by: Richard Levitte commit 88df2c0b3d6162971304c06a240deb9320c9ae67 Author: Matt Caswell Date: Thu Mar 11 13:47:12 2021 + Prepare for release of 3.0 alpha 13 Reviewed-by: Richard Levitte --- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index e54cbf764d..2526e2d6e3 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha13-dev +PRE_RELEASE_TAG=alpha14-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

c8511e8980 Fix formatting error of HISTORY section in some manual pages.
762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac()
18fdebf174 Mention the change of licence in NEWS.md
0966aee5ed Expand the CHANGES entry for SHA1 and libssl
f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type()
c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider
896dcda18b Non-const accessor to legacy keys
c99248ea81 EVP_KDF-KB man page: Fix typo in the example code
e5499a3cac Fixup support for io_pgetevents_time64 syscall
4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605
b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608
3e6a0d5738 Reword repeated words.
889ad4ef81 apps/pkcs12: Allow continuing on absent mac
5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import
913f9d5e52 apps/pkcs12: Properly detect MAC setup failure
31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined
9afc6c5431 Fix the check for suitable groups and TLSv1.3
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
cc57dc9625 Document the change in behaviour of the the low level key getters/setters
8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated
b574c6a9ac Cache legacy keys instead of downgrading them
ec961f866a Avoid a null pointer deref on a malloc failure
e8afd78af6 Add a multi thread test for downgrading keys

Build log ended with (last 100 lines):
[openssl] master update
The branch master has been updated via f70863d93ce3420f0e07841475a7e9680ca9 (commit) from 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 (commit) - Log - commit f70863d93ce3420f0e07841475a7e9680ca9 Author: Vincent Drake Date: Mon Mar 1 14:38:02 2021 -0500 Use read/write locking on Windows Fixes #13914 The "SRWLock" synchronization primitive is available in Windows Vista and later. CRYPTO_THREAD functions now use SRWLock functions when the target operating system supports them. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14381) --- Summary of changes: CHANGES.md | 5 + crypto/threads_win.c | 50 -- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a547b40829..bdac54c10f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * Windows thread synchronization uses read/write primitives (SRWLock) when + supported by the OS, otherwise CriticalSection continues to be used. + + *Vincent Drake* + * Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to work on read only BIO source/sinks that do not support these functions. This allows piping or redirection of a file BIO using stdin to be buffered diff --git a/crypto/threads_win.c b/crypto/threads_win.c index ef68fe2d24..34c8964aa6 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c 
@@ -9,29 +9,49 @@ #if defined(_WIN32) # include +# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +# include +# define USE_RWLOCK +# endif #endif #include #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) +# ifdef USE_RWLOCK +typedef struct { +SRWLOCK lock; +int exclusive; +} CRYPTO_win_rwlock; +# endif + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; +# ifdef USE_RWLOCK +CRYPTO_win_rwlock *rwlock; + +if ((lock = OPENSSL_zalloc(sizeof(CRYPTO_win_rwlock))) == NULL) +return NULL; +rwlock = lock; +InitializeSRWLock(>lock); +# else if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { /* Don't set error, to avoid recursion blowup. */ return NULL; } -# if !defined(_WIN32_WCE) +# if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } -# else +# else InitializeCriticalSection(lock); +# endif # endif return lock; @@ -39,19 +59,43 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK +CRYPTO_win_rwlock *rwlock = lock; + +AcquireSRWLockShared(>lock); +# else EnterCriticalSection(lock); +# endif return 1; } int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK +CRYPTO_win_rwlock *rwlock = lock; + +AcquireSRWLockExclusive(>lock); +rwlock->exclusive = 1; +# else EnterCriticalSection(lock); +# endif return 1; } int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { +# ifdef USE_RWLOCK +CRYPTO_win_rwlock *rwlock = lock; + +if (rwlock->exclusive) { +rwlock->exclusive = 0; +ReleaseSRWLockExclusive(>lock); +} else { +ReleaseSRWLockShared(>lock); +} +# else LeaveCriticalSection(lock); +# endif return 1; } @@ -60,7 +104,9 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) if (lock == NULL) return; +# ifndef USE_RWLOCK DeleteCriticalSection(lock); +# endif OPENSSL_free(lock); return;
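Review bot: replacing EnterCriticalSection() with AcquireSRWLockShared()/AcquireSRWLockExclusive() in CRYPTO_THREAD_read_lock() and CRYPTO_THREAD_write_lock() changes re-entrancy: a CRITICAL_SECTION may be re-entered by the thread that owns it, an SRWLOCK may not, so a caller that takes the same CRYPTO_RWLOCK twice on one thread would now block forever in USE_RWLOCK builds. That deserves a sentence in the CHANGES.md entry. In CRYPTO_THREAD_unlock() the choice between ReleaseSRWLockExclusive() and ReleaseSRWLockShared() rests on the plain int `exclusive`, which is only safe because it is set after the exclusive acquire and cleared before the exclusive release; a short comment on the struct stating that invariant would keep later edits from reordering those lines. The CHANGES.md wording "when supported by the OS" also reads as a run-time check, while the hunk selects USE_RWLOCK at compile time from `_WIN32_WINNT >= 0x600`; "when the build targets Windows Vista or later" would match the code. Finally, the USE_RWLOCK allocation-failure path in CRYPTO_THREAD_lock_new() drops the "Don't set error, to avoid recursion blowup" comment that the CriticalSection branch keeps.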
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

c8511e8980 Fix formatting error of HISTORY section in some manual pages.
762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac()
18fdebf174 Mention the change of licence in NEWS.md
0966aee5ed Expand the CHANGES entry for SHA1 and libssl
f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type()
c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider
896dcda18b Non-const accessor to legacy keys
c99248ea81 EVP_KDF-KB man page: Fix typo in the example code
e5499a3cac Fixup support for io_pgetevents_time64 syscall
4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605
b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608
3e6a0d5738 Reword repeated words.
889ad4ef81 apps/pkcs12: Allow continuing on absent mac
5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import
913f9d5e52 apps/pkcs12: Properly detect MAC setup failure
31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined
9afc6c5431 Fix the check for suitable groups and TLSv1.3
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
cc57dc9625 Document the change in behaviour of the the low level key getters/setters
8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated
b574c6a9ac Cache legacy keys instead of downgrading them
ec961f866a Avoid a null pointer deref on a malloc failure
e8afd78af6 Add a multi thread test for downgrading keys

Build log ended with (last 100 lines):
[openssl] master update
The branch master has been updated via 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 (commit) from bf23b9a163658496c3cabb1d0a00a88b94aede0a (commit) - Log - commit 1aa7ecd0d3f6d9c3739cf2e2d87673a3be03b352 Author: panda Date: Mon Mar 8 13:12:42 2021 -0800 Check SSL_set1_chain error in set_cert_cb CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14469) --- Summary of changes: apps/lib/s_cb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 6737eca13e..0ca9038738 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -952,7 +952,8 @@ static int set_cert_cb(SSL *ssl, void *arg) if (!SSL_build_cert_chain(ssl, 0)) return 0; } else if (exc->chain != NULL) { -SSL_set1_chain(ssl, exc->chain); +if (!SSL_set1_chain(ssl, exc->chain)) +return 0; } } exc = exc->prev;
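Review bot: the new `return 0` in set_cert_cb() when SSL_set1_chain() fails gives the user no indication of why the callback aborted; the SSL_build_cert_chain() branch just above has the same gap. Since this is apps code, consider printing the error queue before returning in both branches, for example with ERR_print_errors(bio_err), so a failed chain setup can be told apart from other handshake failures. The check itself is right: the return value was previously discarded and the loop went on to `exc = exc->prev` as if the chain had been installed.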
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command:

$ uname -a
Linux run 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

c8511e8980 Fix formatting error of HISTORY section in some manual pages.
762970bd68 Change default algorithms in PKCS12_create() and PKCS12_set_mac()
18fdebf174 Mention the change of licence in NEWS.md
0966aee5ed Expand the CHANGES entry for SHA1 and libssl
f74f416b91 Add a CHANGES for OSSL_STORE_INFO_get_type()
c7d4d032a1 Add a missing CHANGES.md entry for the legacy provider
896dcda18b Non-const accessor to legacy keys
c99248ea81 EVP_KDF-KB man page: Fix typo in the example code
e5499a3cac Fixup support for io_pgetevents_time64 syscall
4c52ee1dbf cmp_hdr.c: Fix minor Coverity issue CID 1473605
b6a06b13a4 http_test.c: Fix minor Coverity issue CID 1473608
3e6a0d5738 Reword repeated words.
889ad4ef81 apps/pkcs12: Allow continuing on absent mac
5e9a8678c5 apps/pkcs12: Detect missing PKCS12KDF support on import
913f9d5e52 apps/pkcs12: Properly detect MAC setup failure
31e2e6e0b1 fake_rand_finish should be called if "OPENSSL_NO_SM2" is NOT defined
9afc6c5431 Fix the check for suitable groups and TLSv1.3
7bc0fdd3fd Make the EVP_PKEY_get0* functions have a const return type
cc57dc9625 Document the change in behaviour of the the low level key getters/setters
8e53d94d99 Ensure the various legacy key EVP_PKEY getters/setters are deprecated
b574c6a9ac Cache legacy keys instead of downgrading them
ec961f866a Avoid a null pointer deref on a malloc failure
e8afd78af6 Add a multi thread test for downgrading keys

Build log ended with (last 100 lines):