Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command: $ uname -a Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 05aed12f54 CORE: pre-populate the namemap with legacy OIDs too a0fff549e6 TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname 01ba6c8e43 CORE: Register all legacy "names" when generating the initial namemap ad57a13bb8 Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt() 42423ac961 TEST: Modify how the retrieved digest name for SM2 digestsign is checked 6ee1ae3293 TEST: Modify testutil's run_tests to display NOSUBTEST cases individually ebb3c82b9c TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID e2f5df3613 PROV: Add OIDs we know to all provider applicable algorithms f6c95e46c0 Add "origin" field to EVP_CIPHER, EVP_MD 543e740b95 Standard style for all EVP_xxx_free routines ad72484909 Fix typo in aesccm.c 44c75ba67d apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname cd69b4bd7c OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors e494fac705 Fix naming for EVP_RAND_CTX_gettable functions. 7b9f02798f Sanity check provider up-calls 6ce58488bd Store some FIPS global variables in the FIPS_GLOBAL structure 81cc5ce1a0 lifecycle: update master lifecycle transition spreadsheet fixing the ettable issue ed34837807 lifecycle: correct [sg]ettable to [sg]et b000a2f95b demos: Add clean target for bio/Makefile 42e7d2f10e Add more negative checks for integers passed to OPENSSL_malloc(). 34ed733396 SipHash: Fix CTRL API for the digest size. 4a95b70d1e Github workflows: re-implement a no-shared build a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions. a56fcf20da Add OID for mdc2WithRSASignature and remove related TODO 3.0 ddf0d149e2 Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name 9c1b19eb6f changes: note that some ctrl calls have a different error return. 7e43baed2a Do not allow creating empty RSA keys by duplication 85fcc3fb77 Remove keymgmt_copy function from the provider API b4f447c038 Add selection support to the provider keymgmt_dup function 4a9fe33c8e Implement provider-side keymgmt_dup function Build log ended with (last 100 lines): 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=45622180-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok 90-test_fatalerr.t . ok 90-test_fipsload.t . ok 90-test_gmdiff.t ... ok 90-test_gost.t . ok 90-test_ige.t .. ok 90-test_includes.t . ok 90-test_memleak.t .. ok 90-test_overhead.t . ok 90-test_secmem.t ... ok 90-test_shlibload.t ok 90-test_srp.t .. ok 90-test_sslapi.t ... ok 90-test_sslbuffers.t ... ok 90-test_store.t ok 90-test_sysdefault.t ... ok 90-test_threads.t .. ok 90-test_time_offset.t .. ok 90-test_tls13ccs.t
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoalginit
Platform and configuration command: $ uname -a Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoalginit Commit log since last time: 05aed12f54 CORE: pre-populate the namemap with legacy OIDs too a0fff549e6 TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname 01ba6c8e43 CORE: Register all legacy "names" when generating the initial namemap ad57a13bb8 Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt() 42423ac961 TEST: Modify how the retrieved digest name for SM2 digestsign is checked 6ee1ae3293 TEST: Modify testutil's run_tests to display NOSUBTEST cases individually ebb3c82b9c TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID e2f5df3613 PROV: Add OIDs we know to all provider applicable algorithms f6c95e46c0 Add "origin" field to EVP_CIPHER, EVP_MD 543e740b95 Standard style for all EVP_xxx_free routines ad72484909 Fix typo in aesccm.c 44c75ba67d apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname cd69b4bd7c OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors e494fac705 Fix naming for EVP_RAND_CTX_gettable functions. 7b9f02798f Sanity check provider up-calls 6ce58488bd Store some FIPS global variables in the FIPS_GLOBAL structure 81cc5ce1a0 lifecycle: update master lifecycle transition spreadsheet fixing the ettable issue ed34837807 lifecycle: correct [sg]ettable to [sg]et b000a2f95b demos: Add clean target for bio/Makefile 42e7d2f10e Add more negative checks for integers passed to OPENSSL_malloc(). 34ed733396 SipHash: Fix CTRL API for the digest size. 4a95b70d1e Github workflows: re-implement a no-shared build a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions. a56fcf20da Add OID for mdc2WithRSASignature and remove related TODO 3.0 ddf0d149e2 Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name 9c1b19eb6f changes: note that some ctrl calls have a different error return. 7e43baed2a Do not allow creating empty RSA keys by duplication 85fcc3fb77 Remove keymgmt_copy function from the provider API b4f447c038 Add selection support to the provider keymgmt_dup function 4a9fe33c8e Implement provider-side keymgmt_dup function Build log ended with (last 100 lines): clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODUL ESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o -c -o providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o ../openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c clang -I. -Icrypto -Iinclude -Iproviders/implementations/include -Iproviders/common/include -I../openssl -I../openssl/crypto -I../openssl/include -I../openssl/providers/implementations/include -I../openssl/providers/common/include -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_IA32_SSE2 -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODUL ESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.d.tmp -MT providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o -c -o
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm
Platform and configuration command: $ uname -a Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: 05aed12f54 CORE: pre-populate the namemap with legacy OIDs too a0fff549e6 TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname 01ba6c8e43 CORE: Register all legacy "names" when generating the initial namemap ad57a13bb8 Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt() 42423ac961 TEST: Modify how the retrieved digest name for SM2 digestsign is checked 6ee1ae3293 TEST: Modify testutil's run_tests to display NOSUBTEST cases individually ebb3c82b9c TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID e2f5df3613 PROV: Add OIDs we know to all provider applicable algorithms f6c95e46c0 Add "origin" field to EVP_CIPHER, EVP_MD 543e740b95 Standard style for all EVP_xxx_free routines ad72484909 Fix typo in aesccm.c 44c75ba67d apps/cmp.c: Fix TLS hostname checking in case -server provides more than hostname cd69b4bd7c OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors e494fac705 Fix naming for EVP_RAND_CTX_gettable functions. 7b9f02798f Sanity check provider up-calls 6ce58488bd Store some FIPS global variables in the FIPS_GLOBAL structure 81cc5ce1a0 lifecycle: update master lifecycle transition spreadsheet fixing the ettable issue ed34837807 lifecycle: correct [sg]ettable to [sg]et b000a2f95b demos: Add clean target for bio/Makefile 42e7d2f10e Add more negative checks for integers passed to OPENSSL_malloc(). 34ed733396 SipHash: Fix CTRL API for the digest size. 4a95b70d1e Github workflows: re-implement a no-shared build a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions. a56fcf20da Add OID for mdc2WithRSASignature and remove related TODO 3.0 ddf0d149e2 Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name 9c1b19eb6f changes: note that some ctrl calls have a different error return. 7e43baed2a Do not allow creating empty RSA keys by duplication 85fcc3fb77 Remove keymgmt_copy function from the provider API b4f447c038 Add selection support to the provider keymgmt_dup function 4a9fe33c8e Implement provider-side keymgmt_dup function Build log ended with (last 100 lines): test/helpers/tls13ccstest-bin-ssltestlib.o \ test/tls13ccstest-bin-tls13ccstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13secretstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/tls13secretstest \ crypto/tls13secretstest-bin-packet.o \ ssl/tls13secretstest-bin-tls13_enc.o \ test/tls13secretstest-bin-tls13secretstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/uitest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/uitest \ apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-asm' $ make test /usr/bin/perl ./util/wrap.pl apps/openssl fipsinstall -module providers/fips.so -provider_name fips -mac_name HMAC -section_name fips_sect > providers/fipsmodule.cnf HMAC : (Module_Integrity) : Pass SHA1 : (KAT_Digest) : Pass SHA2 : (KAT_Digest) : Pass SHA3 : (KAT_Digest) : Pass TDES : (KAT_Cipher) : Pass AES_GCM_Encrypt : (KAT_Cipher) : Pass AES_ECB_Decrypt : (KAT_Cipher) : Pass RSA : (KAT_Signature) : RNG : (Continuous_RNG_Test) : Pass Pass ECDSA : (KAT_Signature) : Pass DSA : (KAT_Signature) : Pass TLS12_PRF : (KAT_KDF) : Pass PBKDF2 : (KAT_KDF) : Pass SSHKDF : (KAT_KDF) : Pass KBKDF : (KAT_KDF) : Pass HKDF : (KAT_KDF) : Pass SSKDF : (KAT_KDF) : Pass X963KDF : (KAT_KDF) : Pass X942KDF : (KAT_KDF) : Pass HASH : (DRBG) : Pass CTR : (DRBG) : Pass HMAC : (DRBG) : Pass DH : (KAT_KA) : Pass ECDH : (KAT_KA) : Pass RSA_Encrypt : (KAT_AsymmetricCipher) : Pass RSA_Decrypt : (KAT_AsymmetricCipher) : Pass RSA_Decrypt : (KAT_AsymmetricCipher) : Pass INSTALL PASSED
[openssl] master update
The branch master has been updated via ae6f65ae08262d4c32575ad94e491d9fb59f00ff (commit) from 185e1aa226706844dcfed45a989aa6a97fc0fe8a (commit) - Log - commit ae6f65ae08262d4c32575ad94e491d9fb59f00ff Author: Matt Caswell Date: Mon Apr 12 17:04:43 2021 +0100 Change the default MANSUFFIX We now use the MANSUFFIX "ossl" by default. Fixes #14318 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14847) --- Summary of changes: CHANGES.md| 4 Configurations/unix-Makefile.tmpl | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 76ba709c0e..9b4a122e6c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,10 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX ] + * The default manual page suffix ($MANSUFFIX) has been changed to "ossl" + + *Matt Caswell* + * Added support for Kernel TLS (KTLS). In order to use KTLS, support for it must be compiled in using the "enable-ktls" compile time option. It must also be enabled at run time using the SSL_OP_ENABLE_KTLS option. diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c04271c468..64c5faff18 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -288,7 +288,7 @@ HTMLDIR=$(DOCDIR)/html # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -MANSUFFIX= +MANSUFFIX=ossl HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence @@ -1356,7 +1356,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod - pod2man --name=$name --section=$section --center=OpenSSL \\ + pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ --release=\$(VERSION) $pod >\$\@ EOF } elsif (platform->isdef($args{src})) {
[openssl] master update
The branch master has been updated via 185e1aa226706844dcfed45a989aa6a97fc0fe8a (commit) from 05aed12f54de44df586d8912172b4ec05a8af855 (commit) - Log - commit 185e1aa226706844dcfed45a989aa6a97fc0fe8a Author: Tomas Mraz Date: Fri Apr 16 12:31:39 2021 +0200 Add DHX FIPS 186-4 domain parameter validation example Fixes #14369 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14896) --- Summary of changes: doc/man7/EVP_PKEY-DH.pod | 60 --- doc/man7/EVP_PKEY-DSA.pod | 4 ++-- 2 files changed, 53 insertions(+), 11 deletions(-) diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index f60ac3298e..5d0ac88fb0 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -118,7 +118,7 @@ An B context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); -An B key can be generated with a named safe prime group by calling: +A B key can be generated with a named safe prime group by calling: int priv_len = 2 * 112; OSSL_PARAM params[3]; @@ -137,22 +137,21 @@ An B key can be generated with a named safe prime group by calling: EVP_PKEY_free(key); EVP_PKEY_CTX_free(pctx); -Legacy B domain parameters can be generated by calling: +B domain parameters can be generated according to B by calling: unsigned int pbits = 2048; unsigned int qbits = 256; -int gindex = 1; OSSL_PARAM params[5]; EVP_PKEY *param_key = NULL; EVP_PKEY_CTX *pctx = NULL; -pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); +pctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL); EVP_PKEY_paramgen_init(pctx); params[0] = OSSL_PARAM_construct_uint("pbits", ); params[1] = OSSL_PARAM_construct_uint("qbits", ); -params[2] = OSSL_PARAM_construct_int("gindex", ); -params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0); +params[2] = OSSL_PARAM_construct_utf8_string("type", "fips186_4", 0); +params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0); params[4] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); @@ -163,7 +162,7 @@ Legacy B domain parameters can be generated by calling: EVP_PKEY_free(param_key); EVP_PKEY_CTX_free(pctx); -An B key can be generated using domain parameters by calling: +A B key can be generated using domain parameters by calling: EVP_PKEY *key = NULL; EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); @@ -175,8 +174,51 @@ An B key can be generated using domain parameters by calling: EVP_PKEY_free(key); EVP_PKEY_CTX_free(gctx); -=for comment TODO(3.0): To validate domain parameters, additional values used -during generation may be required to be set into the key. +To validate B B domain parameters decoded from B or +B data, additional values used during generation may be required to +be set into the key. + +EVP_PKEY_todata(), OSSL_PARAM_merge(), and EVP_PKEY_fromdata() are useful +to add these parameters to the original key or domain parameters before +the actual validation. + +EVP_PKEY *received_domp = ...; /* parameters received and decoded */ +unsigned char *seed = ...; /* and additional parameters received */ +size_t seedlen = ...; /* by other means, required */ +int gindex = ...; /* for the validation */ +int pcounter = ...; +int hindex = ...; +OSSL_PARAM extra_params[5]; +OSSL_PARAM *domain_params = NULL; +OSSL_PARAM *merged_params = NULL; +EVP_PKEY_CTX *ctx = NULL, *validate_ctx = NULL; +EVP_PKEY *complete_domp = NULL; + +EVP_PKEY_todata(received_domp, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, +_params); +extra_params[0] = OSSL_PARAM_construct_octet_string("seed", seed, seedlen); +extra_params[1] = OSSL_PARAM_construct_int("gindex", ); +extra_params[2] = OSSL_PARAM_construct_int("pcounter", ); +extra_params[3] = OSSL_PARAM_construct_int("hindex", ); +extra_params[4] = OSSL_PARAM_construct_end(); +merged_params = OSSL_PARAM_merge(domain_params, extra_params); + +ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL); +EVP_PKEY_fromdata_init(ctx); +EVP_PKEY_fromdata(ctx, _domp, OSSL_KEYMGMT_SELECT_ALL, + merged_params); + +validate_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, complete_domp, NULL); +if (EVP_PKEY_param_check(validate_ctx) > 0) +/* validation_passed(); */ +else +/* validation_failed(); */ + +OSSL_PARAM_free(domain_params); +OSSL_PARAM_free(merged_params); +EVP_PKEY_CTX_free(ctx); +EVP_PKEY_CTX_free(validate_ctx); +EVP_PKEY_free(complete_domp); =head1 CONFORMING TO diff --git a/doc/man7/EVP_PKEY-DSA.pod
Build failed: openssl master.41593
Build openssl master.41593 failed Commit a73b0c6a76 by Richard Levitte on 4/17/2021 4:55 AM: Add the developer utility namemapdump.c Configure your notification preferences
[openssl] master update
The branch master has been updated via 05aed12f54de44df586d8912172b4ec05a8af855 (commit) via a0fff549e6635000a545ac7d1e7a8102c1e614f1 (commit) via 01ba6c8e438ea2d31c92fe2f386e6ce5809f29f0 (commit) via ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (commit) via 42423ac9611e0cbb02c93b3c5661328f324f9d08 (commit) via 6ee1ae32933e299a6a0a5a0e8b4a1c1a64da3492 (commit) via ebb3c82b9c7afc89986d56f794ec9d3ca3b6793f (commit) via e2f5df36138abcc1f989c6739b23bf7e23fe (commit) from f6c95e46c03025b2694241e1ad785d8bd3ac083b (commit) - Log - commit 05aed12f54de44df586d8912172b4ec05a8af855 Author: Richard Levitte Date: Tue Mar 16 05:40:50 2021 +0100 CORE: pre-populate the namemap with legacy OIDs too This also pre-populates the namemap with names derived from the internal EVP_PKEY_ASN1_METHODs. This requires attention, as they contain aliases that we may want (RSA == rsaEncryption), as well as aliases that we absolutely do not want (SM2 == EC). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit a0fff549e6635000a545ac7d1e7a8102c1e614f1 Author: Richard Levitte Date: Thu Mar 11 16:04:16 2021 +0100 TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit 01ba6c8e438ea2d31c92fe2f386e6ce5809f29f0 Author: Richard Levitte Date: Thu Mar 11 13:36:06 2021 +0100 CORE: Register all legacy "names" when generating the initial namemap When generating the initial namemap from EVP cipher and digest names, we din't do it quite as thoroughly as necessary, which meant that so called "long names" weren't necessarily registered, and if anyone ever tried to check the algorithm of an EVP_CIPHER or EVP_MD using a so called "long name" would fail. This doesn't deal with the fact that "long names" have a distinct role as human readable descriptors, useful for printouts. Further changes are necessary to deal with this. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 Author: Richard Levitte Date: Wed Mar 10 12:58:53 2021 +0100 Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt() The intention is to allow for OIDs for which libcrypto has no information, but are still fetchable for OSSL_ALGORITHM implementations that specify an OID amongst their names. Fixes #14278 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit 42423ac9611e0cbb02c93b3c5661328f324f9d08 Author: Richard Levitte Date: Wed Mar 10 12:53:51 2021 +0100 TEST: Modify how the retrieved digest name for SM2 digestsign is checked Because of aliases, retrieved names won't always match one specific string. A safer way to check is to fetch the digest from the retrieved name and check it's the expected one with the help of EVP_MD_is_a(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit 6ee1ae32933e299a6a0a5a0e8b4a1c1a64da3492 Author: Richard Levitte Date: Wed Mar 10 11:32:45 2021 +0100 TEST: Modify testutil's run_tests to display NOSUBTEST cases individually When test cases were added with ADD_ALL_TESTS_NOSUBTEST(), all those iteration verdicts were summarized as if it was one single case. This modification gets each iteration verdict displayed separately instead. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit ebb3c82b9c7afc89986d56f794ec9d3ca3b6793f Author: Richard Levitte Date: Wed Mar 10 11:31:49 2021 +0100 TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) commit e2f5df36138abcc1f989c6739b23bf7e23fe Author: Richard Levitte Date: Wed Mar 10 11:22:55 2021 +0100 PROV: Add OIDs we know to all provider applicable algorithms The OIDs were extracted with the help of libcrypto's ASN1 OID database. While doing this, we move all the names strings to macro definitions, to avoid duplication and conflicting names declarations. Those macros are all in providers/implementations/include/prov/names.h Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14498) --- Summary of changes: crypto/cms/cms_dh.c| 8 +- crypto/cms/cms_ec.c| 12 +- crypto/cms/cms_env.c | 5 +- crypto/cms/cms_lib.c
[openssl] master update
The branch master has been updated via f6c95e46c03025b2694241e1ad785d8bd3ac083b (commit) via 543e740b95e303790f8fe6ec59458b4ecdcfb56c (commit) from ad72484909abbcb088c52305894b87604ef58de8 (commit) - Log - commit f6c95e46c03025b2694241e1ad785d8bd3ac083b Author: Rich Salz Date: Tue Feb 16 17:51:56 2021 -0500 Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14193) commit 543e740b95e303790f8fe6ec59458b4ecdcfb56c Author: Rich Salz Date: Mon Feb 15 12:31:36 2021 -0500 Standard style for all EVP_xxx_free routines Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/14193) --- Summary of changes: apps/dgst.c| 2 +- crypto/asn1/a_sign.c | 2 +- crypto/asn1/p5_scrypt.c| 2 +- crypto/cmac/cmac.c | 2 +- crypto/cms/cms_env.c | 7 +++-- crypto/cms/cms_kari.c | 2 +- crypto/cms/cms_lib.c | 2 +- crypto/cms/cms_sd.c| 2 +- crypto/evp/asymcipher.c| 20 ++--- crypto/evp/bio_md.c| 4 +-- crypto/evp/bio_ok.c| 10 +++ crypto/evp/cmeth_lib.c | 6 +++- crypto/evp/digest.c| 11 +++- crypto/evp/e_aes.c | 32 + crypto/evp/e_aes_cbc_hmac_sha1.c | 2 ++ crypto/evp/e_aes_cbc_hmac_sha256.c | 2 ++ crypto/evp/e_aria.c| 2 ++ crypto/evp/e_camellia.c| 3 ++ crypto/evp/e_chacha20_poly1305.c | 2 ++ crypto/evp/e_des3.c| 1 + crypto/evp/e_null.c| 1 + crypto/evp/e_rc2.c | 2 ++ crypto/evp/e_rc4.c | 2 ++ crypto/evp/e_rc4_hmac_md5.c| 1 + crypto/evp/e_sm4.c | 1 + crypto/evp/e_xcbc_d.c | 1 + crypto/evp/evp_enc.c | 21 ++ crypto/evp/evp_lib.c | 58 +- crypto/evp/evp_local.h | 2 ++ crypto/evp/evp_rand.c | 50 crypto/evp/exchange.c | 20 ++--- crypto/evp/kdf_lib.c | 12 crypto/evp/kdf_meth.c | 20 +++-- crypto/evp/kem.c | 21 +++--- crypto/evp/legacy_blake2.c | 2 ++ crypto/evp/legacy_md2.c| 1 + crypto/evp/legacy_md4.c| 1 + crypto/evp/legacy_md5.c| 1 + crypto/evp/legacy_md5_sha1.c | 1 + crypto/evp/legacy_mdc2.c | 1 + crypto/evp/legacy_ripemd.c | 1 + crypto/evp/legacy_sha.c| 9 ++ crypto/evp/legacy_wp.c | 1 + crypto/evp/m_null.c| 1 + crypto/evp/m_sigver.c | 2 +- crypto/evp/mac_lib.c | 12 crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p_sign.c| 2 +- crypto/evp/p_verify.c | 2 +- crypto/evp/signature.c | 20 ++--- crypto/pkcs12/p12_decr.c | 6 ++-- crypto/pkcs7/pk7_doit.c| 2 +- crypto/sm3/legacy_sm3.c| 1 + doc/man3/EVP_DigestInit.pod| 19 + doc/man3/EVP_EncryptInit.pod | 19 +++-- engines/e_afalg.c | 2 +- include/crypto/evp.h |
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D0gzL_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGBFZ5g-2FKGQz9DZMPoj9ISK-2FZZgiNNVmU1PPcDHY4twDU6DDYAOgR21dsUDRgXJiR6TfNhVnPc8R5vzxTscMyfsy4DYT8YuJLteg6fyVTUWFkADHY5eoh-2FBc-2BPN7YppStwQ4Aeviywq1Tobav-2F-2BW-2BdHMfBPWr4abgHERFeLUhKtp-2Brb7k53qnLlL-2F-2B0GDsbV3I-3D Build ID: 381690 Analysis Summary: New defects found: 0 Defects eliminated: 0
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DCy_C_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF3MK9cKjLQ-2FuJcgorEnAkJ61L7LAfL03fnNjbo2-2BX-2BvSzo9MEgNJpvu1f9CssyWb1xeCbbhjWlDEzcZxe-2Byl2IJNFLd-2FIbR8sup-2FUdJF4ZVesEWBX3P2hDeAmEfBhqEjit60zDxx6e3aORrGlDHprZpIIYPExZRsRVosQuDyk4c6xqckToJ9QGpxZD8fIAIdE-3D Build ID: 381689 Analysis Summary: New defects found: 5 Defects eliminated: 0 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DQfIH_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF3MK9cKjLQ-2FuJcgorEnAkJ61L7LAfL03fnNjbo2-2BX-2BvWq2D-2BHDj7c1Auxk2xcT27ZQy2vP-2FRNbNh4hQhkakJIfnJSVX4PxvPtbf7GHQZ-2BJJSoK33SF8GCvd1eraQU9LOoH37Nm8fzkTXa8Ulib6TiZ7-2B-2Bja81acWtU0gXZRpggtpXzdP-2BIvNvME32AHpSt7q0-3D
[openssl] master update
The branch master has been updated via ad72484909abbcb088c52305894b87604ef58de8 (commit) from 44c75ba67df9588636649416e6fb120a9fc27489 (commit) - Log - commit ad72484909abbcb088c52305894b87604ef58de8 Author: Nan Xiao Date: Fri Apr 16 09:46:26 2021 +0800 Fix typo in aesccm.c CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14894) --- Summary of changes: demos/evp/aesccm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c index 5045837c74..f073e5ec3d 100644 --- a/demos/evp/aesccm.c +++ b/demos/evp/aesccm.c @@ -89,7 +89,7 @@ void aes_ccm_decrypt(void) EVP_CIPHER_CTX *ctx; int outlen, tmplen, rv; unsigned char outbuf[1024]; -printf("AES CCM Derypt:\n"); +printf("AES CCM Decrypt:\n"); printf("Ciphertext:\n"); BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct)); ctx = EVP_CIPHER_CTX_new();