Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

3e73111d13 ASN.1: Add some sanity checks for input len <= 0; related coding 
improvements
db76a35e26 tasn_dec.c: Add checks for it == NULL arguments; improve coding style
c0e724fcbe DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
5c42f7aa64 Use build.info not file-wide ifndef
1fbf7079e7 STORE: Discard the error report filter in crypto/store/store_result.c
7aef200089 TEST: Adapt the EVP test
9cc97ddf3c Adapt our decoder implementations to the new way to indicate succes 
/ failure
f99659535d ENCODER & DECODER: Allow decoder implementations to specify "carry 
on"
a2502862f6 Fix memory leak in X509_REQ
4e030ed45d apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
2ec6491669 asn1: fix indentation
c4685815bf dsa: remove unused macro
42e7d043f0 srp: remove references to EVP_sha1()
3f700d4b95 pem: remove references to EVP_sha1()
e27fea4640 ocsp: remove references to EVP_sha1()
27344bb82a cms: remove most references to EVP_sha1()
192d500878 x509: remove most references to EVP_sha1()
6bcbc36985 test: fix double free problems.
efe8d69daa engine: fix double free on error path.
db78c84eb2 ts: fix double free on error path.
b06450bcf7 srp: fix double free,
4ecb19d109 params_dup: fix off by one error that allows array overreach.
1c0eede982 Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
a78c7c0bfe Flip ordering back
99adfa455c Fetch before get-by-name
606a417fb2 Fetch and free cipher and md's
c39352e4e4 Fix compile errors on s390.
72f649e061 Remove extra trailing semicolon
cd0aca5320 Update krb5 module to latest release
16b8862d80 PKCS12 etc.: Add hints on using -legacy and -provider-path options
ee203a87ff Add a test for OSSL_LIB_CTX_set0_default
978e323a4d Add the function OSSL_LIB_CTX_get0_global_default()
92b20fb8f7 Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling
145a4c871d Remove a TODO(3.0) from keymgmt_lib.c
21d1994faf Don't worry about magic in the Makefile for 3.0
57e7401fc5 Fix some TODO(3.0) occurrences in ssl/t1_lib.c
b247113c05 Detect low-level engine and app method based keys
5ae52001e1 Remove crypt32.lib from C++Builder configuration
daf98015aa Link with uplink module
491a1e3363 Link with .def files
16f2a44435 Generate dependency information
96d4ec6724 Avoid more MSVC-specific C runtime library functions
6afb36342d Build resource files
5fee3fe276 Support DLL builds + Fix C RTL variants
c4f4cb14e3 Ensure cw32mt.lib and import32.lib are linked to in no-sock mode
55aa235e85 Document C++Builder usage in NOTES-WINDOWS.md
d5a6b54b49 Replace "ld_wildcard_args" with "bin_lflags"
847f41d97c Add explanation + bugtracker link for quoted dependency workarounds
583a9f1f6b Use cmd.exe to export env vars before commands
f1ee757daa Resurrect and modernize C++Builder config
a8368d573e Avoid redirection to quoted filename
a75a87561b Generalize link rule in windows-makefile.tmpl
830cd025b1 Ensure at least one command if no dependencies
8557bdde48 Avoid quoting dependency filepaths in build tree
e15eff3aaa Generalize delimiter in archiver response file
118faf5ffe Avoid space between "-I" and include directory
23f3242ffe Move VS Tools configuration to VC-common target
1bb381227b Avoid "&&" in windows-makefile.tmpl
a4afa6c1d0 Add test for the IV handling of DES based ciphers
d6c6f6c51d Do IV reset also for DES and 3DES implementations
ae6f65ae08 Change the default MANSUFFIX
185e1aa226 Add DHX FIPS 186-4 domain parameter validation example

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl 
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf 
-section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' 
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 
-certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem 
-out_trusted root.crt => 0
not ok 47 - popo NONE
# --
#   Failed test 'popo NONE'
#   at ../openssl/test/recipes/80-test_cmp_http.t line 145.
Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a 
CA cert
# cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock 
enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2177:CMP warning: argument of -proxy option is 
empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact 
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received 
IP
# 

Build failed: openssl master.41711

[AppVeyor]

Build openssl master.41711 failed


Commit 7c8f3b by Dr. David von Oheimb on 3/16/2021 3:41 PM:

CMS ESS: Move four internal aux function to where they belong in crypto/cms


Configure your notification preferences

Build failed: openssl master.41703

[AppVeyor]

Build openssl master.41703 failed


Commit 389b35cd0b by Tomas Mraz on 4/21/2021 7:27 AM:

fixup! Add type_name member to provided methods and use it


Configure your notification preferences

[openssl] master update

[matthias . st . pierre]

The branch master has been updated
   via  0ba8bc058376d423d7c5649cfce83a23cce97267 (commit)
  from  2de02e7dca0a875b1ae5b6a4a4f946705eb71edc (commit)


- Log -
commit 0ba8bc058376d423d7c5649cfce83a23cce97267
Author: Dr. Matthias St. Pierre 
Date:   Wed Apr 21 13:12:38 2021 +0200

Remove obsolete comment

Fixes #14968

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14969)

---

Summary of changes:
 crypto/context.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/context.c b/crypto/context.c
index d7671d66a8..39f96366e2 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -277,7 +277,6 @@ static void ossl_lib_ctx_generic_free(void *parent_ign, 
void *ptr,
 meth->free_func(ptr);
 }
 
-/* Non-static so we can use it in context_internal_test */
 static int ossl_lib_ctx_init_index(OSSL_LIB_CTX *ctx, int static_index,
const OSSL_LIB_CTX_METHOD *meth)
 {

[openssl] master update

[matthias . st . pierre]

The branch master has been updated
   via  2de02e7dca0a875b1ae5b6a4a4f946705eb71edc (commit)
  from  75f036c6c5cf3608a63ddc6598698e82bcfdb9bf (commit)


- Log -
commit 2de02e7dca0a875b1ae5b6a4a4f946705eb71edc
Author: Randall S. Becker 
Date:   Mon Apr 19 13:32:36 2021 -0400

Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.

Fixes #14931.

Signed-off-by: Randall S. Becker 

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/14932)

---

Summary of changes:
 NOTES-PERL.md | 12 
 1 file changed, 12 insertions(+)

diff --git a/NOTES-PERL.md b/NOTES-PERL.md
index dbaae0d40e..a28f5b9033 100644
--- a/NOTES-PERL.md
+++ b/NOTES-PERL.md
@@ -4,6 +4,7 @@ Notes on Perl
  - [General Notes](#general-notes)
  - [Perl on Windows](#perl-on-windows)
  - [Perl on VMS](#perl-on-vms)
+ - [Perl on NonStop](#perl-on-nonstop)
  - [Required Perl modules](#required-perl-modules)
  - [Notes on installing a Perl module](#notes-on-installing-a-perl-module])
 
@@ -52,6 +53,17 @@ download the source from , unpacking it, 
reading
 `.PCSI` file from  and install it using the
 POLYCENTER install tool.
 
+Perl on NonStop
+---
+
+Perl is installed on HPE NonStop platforms as part of the Scripting Languages
+package T1203PAX file. The package is shipped as part of a NonStop RVU
+(Release Version Updates) package. Individual SPRs (Software Product Release)
+representing fixes can be obtained from the Scout website at
+. Follow the appropriate set of installation
+instructions for your operating system release as described in the
+Script Language User Guide available from the NonStop Technical Library.
+
 Required Perl modules
 -
 

[openssl] master update

[dev]

The branch master has been updated
   via  75f036c6c5cf3608a63ddc6598698e82bcfdb9bf (commit)
  from  ef203432f7b551382216e9aa7de00039e6d45ac0 (commit)


- Log -
commit 75f036c6c5cf3608a63ddc6598698e82bcfdb9bf
Author: Dr. David von Oheimb 
Date:   Wed Apr 21 12:47:35 2021 +0200

BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14967)

---

Summary of changes:
 doc/man3/BIO_parse_hostserv.pod |  3 ++-
 doc/man3/BIO_s_connect.pod  | 33 +
 doc/man3/BIO_s_fd.pod   |  4 ++--
 3 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/doc/man3/BIO_parse_hostserv.pod b/doc/man3/BIO_parse_hostserv.pod
index ca5a82376b..27d4735b50 100644
--- a/doc/man3/BIO_parse_hostserv.pod
+++ b/doc/man3/BIO_parse_hostserv.pod
@@ -38,7 +38,8 @@ The syntax the BIO_parse_hostserv() recognises is:
 The host part can be a name or an IP address.  If it's a IPv6
 address, it MUST be enclosed in brackets, such as '[::1]'.
 
-The service part can  be a service name or its port number.
+The service part can be a service name or its port number.  A service name
+will be mapped to a port number using the system function getservbyname().
 
 The returned values will depend on the given B string
 and B, as follows:
diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod
index 4714fde160..9a029066ff 100644
--- a/doc/man3/BIO_s_connect.pod
+++ b/doc/man3/BIO_s_connect.pod
@@ -2,17 +2,18 @@
 
 =head1 NAME
 
-BIO_set_conn_address, BIO_get_conn_address,
-BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port,
-BIO_set_conn_ip_family, BIO_get_conn_ip_family,
+BIO_s_connect, BIO_new_connect,
+BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_address, BIO_set_conn_ip_family,
 BIO_get_conn_hostname, BIO_get_conn_port,
+BIO_get_conn_address, BIO_get_conn_ip_family,
 BIO_set_nbio, BIO_do_connect - connect BIO
 
 =head1 SYNOPSIS
 
  #include 
 
- const BIO_METHOD * BIO_s_connect(void);
+ const BIO_METHOD *BIO_s_connect(void);
 
  BIO *BIO_new_connect(char *name);
 
@@ -53,20 +54,18 @@ Calling BIO_reset() on a connect BIO will close any active
 connection and reset the BIO into a state where it can connect
 to the same host again.
 
-BIO_get_fd() places the underlying socket in B if it is not NULL,
-it also returns the socket . If B is not NULL it should be of
-type (int *).
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with hostname B.
 
 BIO_set_conn_hostname() uses the string B to set the hostname.
 The hostname can be an IP address; if the address is an IPv6 one, it
-must be enclosed with brackets. The hostname can also include the
-port in the form hostname:port.
+must be enclosed with brackets C<[> and C<]>.
+The hostname can also include the port in the form hostname:port;
+see L and BIO_set_conn_port() for details.
 
 BIO_set_conn_port() sets the port to B. B can be the
-numerical form or a string such as "http". A string will be looked
-up first using getservbyname() on the host platform but if that
-fails a standard table of port names will be used. This internal
-list is http, telnet, socks, https, ssl, ftp, and gopher.
+numerical form or a service string such as "http", which
+will be mapped to a port number using the system function getservbyname().
 
 BIO_set_conn_address() sets the address and port information using
 a BIO_ADDR(3ssl).
@@ -91,9 +90,6 @@ is set. Blocking I/O is the default. The call to 
BIO_set_nbio()
 should be made before the connection is established because
 non blocking I/O is set during the connect process.
 
-BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
-a single call: that is it creates a new connect BIO with B.
-
 BIO_do_connect() attempts to connect the supplied BIO.
 This performs an SSL/TLS handshake as far as supported by the BIO.
 For non-SSL BIOs the connection is done typically at TCP level.
@@ -144,9 +140,6 @@ BIO_set_nbio(), and BIO_do_connect() are macros.
 
 BIO_s_connect() returns the connect BIO method.
 
-BIO_get_fd() returns the socket or -1 if the BIO has not
-been initialized.
-
 BIO_set_conn_address(), BIO_set_conn_port(), and BIO_set_conn_ip_family()
 always return 1.
 
@@ -198,7 +191,7 @@ to retrieve a page and copy the result to standard output.
 
 =head1 SEE ALSO
 
-L
+L, L
 
 =head1 HISTORY
 
diff --git a/doc/man3/BIO_s_fd.pod b/doc/man3/BIO_s_fd.pod
index f4f4239fe9..40a223b61d 100644
--- a/doc/man3/BIO_s_fd.pod
+++ b/doc/man3/BIO_s_fd.pod
@@ -38,8 +38,8 @@ B.
 BIO_set_fd() sets the file descriptor of BIO B to B and the close
 flag to B.
 
-BIO_get_fd() places the file descriptor in B if it is not NULL, it also
-returns the file descriptor.
+BIO_get_fd() places the 

[openssl] master update

[dev]

The branch master has been updated
   via  ef203432f7b551382216e9aa7de00039e6d45ac0 (commit)
  from  078fa35c7bd7e7392b07e032297a341fef695c42 (commit)


- Log -
commit ef203432f7b551382216e9aa7de00039e6d45ac0
Author: Dr. David von Oheimb 
Date:   Wed Apr 21 13:28:00 2021 +0200

apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() 
function

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14971)

---

Summary of changes:
 apps/cmp.c  | 10 +-
 apps/include/apps.h |  1 +
 apps/lib/apps.c | 19 ++-
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index da28c3215e..1fbf10c4a4 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2851,15 +2851,7 @@ int cmp_main(int argc, char **argv)
 OSSL_CMP_CTX_print_errors(cmp_ctx);
 
 ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx));
-{
-APP_HTTP_TLS_INFO *http_tls_info =
-OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
-
-if (http_tls_info != NULL) {
-SSL_CTX_free(http_tls_info->ssl_ctx);
-OPENSSL_free(http_tls_info);
-}
-}
+APP_HTTP_TLS_INFO_free(OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx));
 X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
 OSSL_CMP_CTX_free(cmp_ctx);
 X509_VERIFY_PARAM_free(vpm);
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 2709b0ccaf..2d102246f8 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -271,6 +271,7 @@ typedef struct app_http_tls_info_st {
 } APP_HTTP_TLS_INFO;
 BIO *app_http_tls_cb(BIO *hbio, /* APP_HTTP_TLS_INFO */ void *arg,
  int connect, int detail);
+void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info);
 # ifndef OPENSSL_NO_SOCK
 ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
   const char *no_proxy, SSL_CTX *ssl_ctx,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 7eadf5a4b5..e39e7cd061 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2392,12 +2392,12 @@ static const char *tls_error_hint(void)
 /* HTTP callback function that supports TLS connection also via HTTPS proxy */
 BIO *app_http_tls_cb(BIO *hbio, void *arg, int connect, int detail)
 {
-APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
-SSL_CTX *ssl_ctx = info->ssl_ctx;
-SSL *ssl;
-BIO *sbio = NULL;
-
 if (connect && detail) { /* connecting with TLS */
+APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+SSL_CTX *ssl_ctx = info->ssl_ctx;
+SSL *ssl;
+BIO *sbio = NULL;
+
 if ((info->use_proxy
  && !OSSL_HTTP_proxy_connect(hbio, info->server, info->port,
  NULL, NULL, /* no proxy credentials */
@@ -2418,6 +2418,7 @@ BIO *app_http_tls_cb(BIO *hbio, void *arg, int connect, 
int detail)
 hbio = BIO_push(sbio, hbio);
 } else if (!connect && !detail) { /* disconnecting after error */
 const char *hint = tls_error_hint();
+
 if (hint != NULL)
 ERR_add_error_data(2, " : ", hint);
 /*
@@ -2428,6 +2429,14 @@ BIO *app_http_tls_cb(BIO *hbio, void *arg, int connect, 
int detail)
 return hbio;
 }
 
+void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info)
+{
+if (info != NULL) {
+SSL_CTX_free(info->ssl_ctx);
+OPENSSL_free(info);
+}
+}
+
 ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
   const char *no_proxy, SSL_CTX *ssl_ctx,
   const STACK_OF(CONF_VALUE) *headers,

[web] master update

[Matt Caswell]

The branch master has been updated
   via  0ab77d020743d9f6aadc2b1110ab44cfae9d8d0a (commit)
  from  7135e80333b10c803607c06d971730f252ded023 (commit)


- Log -
commit 0ab77d020743d9f6aadc2b1110ab44cfae9d8d0a
Author: Matt Caswell 
Date:   Thu Apr 22 14:45:44 2021 +0100

Add newsflash entry for the 3.0 alpha15 release

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/228)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 73a64e5..1c80d9c 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and 
test it
 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and 
test it
 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes
 11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and 
test it

[openssl] master update

[tomas]

The branch master has been updated
   via  078fa35c7bd7e7392b07e032297a341fef695c42 (commit)
  from  1f3b58d8413cfa3824e9c0a146dee6ceedbc367e (commit)


- Log -
commit 078fa35c7bd7e7392b07e032297a341fef695c42
Author: Rich Salz 
Date:   Tue Apr 20 11:21:13 2021 -0400

Remove an unused parameter

Reviewed-by: Matthias St. Pierre 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14943)

---

Summary of changes:
 apps/cms.c   | 2 +-
 crypto/cms/cms_ess.c | 4 ++--
 doc/man3/CMS_get1_ReceiptRequest.pod | 6 +++---
 include/openssl/cms.h.in | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index 6285c5bf72..ed349bda2d 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1413,7 +1413,7 @@ static CMS_ReceiptRequest *make_receipt_request(
 rct_from = NULL;
 }
 rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
-   rct_to, libctx, app_get0_propq());
+   rct_to, libctx);
 return rr;
  err:
 sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index b713581c05..ba78b6ebad 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -63,7 +63,7 @@ int ossl_cms_check_signing_certs(const CMS_SignerInfo *si,
 CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
 unsigned char *id, int idlen, int allorfirst,
 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo,
-OSSL_LIB_CTX *libctx, const char *propq)
+OSSL_LIB_CTX *libctx)
 {
 CMS_ReceiptRequest *rr;
 
@@ -106,7 +106,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
 {
 return CMS_ReceiptRequest_create0_ex(id, idlen, allorfirst, receiptList,
- receiptsTo, NULL, NULL);
+ receiptsTo, NULL);
 }
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod 
b/doc/man3/CMS_get1_ReceiptRequest.pod
index 94ecfa6acb..972345fce8 100644
--- a/doc/man3/CMS_get1_ReceiptRequest.pod
+++ b/doc/man3/CMS_get1_ReceiptRequest.pod
@@ -13,7 +13,7 @@ CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, 
CMS_ReceiptRequest_get0_values
  CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
  unsigned char *id, int idlen, int allorfirst,
  STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo,
- OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_LIB_CTX *libctx);
  CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
  unsigned char *id, int idlen, int allorfirst,
  STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) 
*receiptsTo);
@@ -33,11 +33,11 @@ If I is NULL the allOrFirstTier option in 
I is used
 and set to the value of the I parameter. If I is not
 NULL the I option in I is used. The I
 parameter specifies the I field value. The library context 
I
-and the property query I are used when retrieving algorithms from 
providers.
+is used to find the public random generator.
 
 CMS_ReceiptRequest_create0() is similar to
 CMS_ReceiptRequest_create0_ex() but uses default values of NULL for the
-library context I and the property query I.
+library context I.
 
 The CMS_add1_ReceiptRequest() function adds a signed receipt request B
 to SignerInfo structure B.
diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in
index ba86ad1cab..451191b796 100644
--- a/include/openssl/cms.h.in
+++ b/include/openssl/cms.h.in
@@ -343,7 +343,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
 unsigned char *id, int idlen, int allorfirst,
 STACK_OF(GENERAL_NAMES) *receiptList,
 STACK_OF(GENERAL_NAMES) *receiptsTo,
-OSSL_LIB_CTX *ctx, const char *propq);
+OSSL_LIB_CTX *ctx);
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,

[openssl] OpenSSL_1_1_1-stable update

[tomas]

The branch OpenSSL_1_1_1-stable has been updated
   via  1636de49219fd9ee11c91015f9c079c45aaf57c6 (commit)
  from  e41290cfc007b833b393864cf12e0d8d815b7081 (commit)


- Log -
commit 1636de49219fd9ee11c91015f9c079c45aaf57c6
Author: Niclas Rosenvik 
Date:   Tue Apr 20 19:14:27 2021 +0200

Some compilers define __STDC_VERSION__ in c++

Some compilers(g++ on Solaris/Illumos) define __STDC__VERSION__ in c++ .
This causes c++ code that uses openssl to break on these compilers since
_Noreturn is not a keyword in c++ .

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14944)

(cherry picked from commit 1f3b58d8413cfa3824e9c0a146dee6ceedbc367e)

---

Summary of changes:
 include/openssl/e_os2.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index cf308eee2c..4c4975dbfd 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -279,7 +279,8 @@ typedef unsigned __int64 uint64_t;
 #  define ossl_inline inline
 # endif
 
-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
+ !defined(__cplusplus) 
 #  define ossl_noreturn _Noreturn
 # elif defined(__GNUC__) && __GNUC__ >= 2
 #  define ossl_noreturn __attribute__((noreturn))

[openssl] master update

[tomas]

The branch master has been updated
   via  1f3b58d8413cfa3824e9c0a146dee6ceedbc367e (commit)
  from  ef7ae359109c7c4edb252523d5ab1467ae1d2110 (commit)


- Log -
commit 1f3b58d8413cfa3824e9c0a146dee6ceedbc367e
Author: Niclas Rosenvik 
Date:   Tue Apr 20 19:14:27 2021 +0200

Some compilers define __STDC_VERSION__ in c++

Some compilers(g++ on Solaris/Illumos) define __STDC__VERSION__ in c++ .
This causes c++ code that uses openssl to break on these compilers since
_Noreturn is not a keyword in c++ .

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14944)

---

Summary of changes:
 include/openssl/e_os2.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index 13420d9928..eb8c46d72a 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -274,7 +274,8 @@ typedef unsigned __int64 uint64_t;
 #  define ossl_inline inline
 # endif
 
-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
+ !defined(__cplusplus) 
 #  define ossl_noreturn _Noreturn
 # elif defined(__GNUC__) && __GNUC__ >= 2
 #  define ossl_noreturn __attribute__((noreturn))

[openssl] master update

[tomas]

The branch master has been updated
   via  ef7ae359109c7c4edb252523d5ab1467ae1d2110 (commit)
  from  64c609e71ef1f0c759dfdf65719e650d04dd5f29 (commit)


- Log -
commit ef7ae359109c7c4edb252523d5ab1467ae1d2110
Author: Rich Salz 
Date:   Tue Apr 20 14:14:00 2021 -0400

Read a REQUEST not RESPONSE in ocsp responder

Fixes: #13904

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14946)

---

Summary of changes:
 apps/ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index a4d2e63654..fbc9cf46f4 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1165,7 +1165,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, 
BIO *acbio,
 int timeout)
 {
 #ifndef OPENSSL_NO_SOCK
-return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_RESPONSE),
+return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST),
 (ASN1_VALUE **)preq, NULL, pcbio, acbio,
 prog, 1 /* accept_get */, timeout);
 #else

[openssl] master update

[tomas]

The branch master has been updated
   via  64c609e71ef1f0c759dfdf65719e650d04dd5f29 (commit)
  from  bf6aeeb481f97e2b7088f151546b9957eaaf44ef (commit)


- Log -
commit 64c609e71ef1f0c759dfdf65719e650d04dd5f29
Author: Tomas Mraz 
Date:   Wed Apr 21 08:29:28 2021 +0200

test_sslextension: skip tests that cannot work with no-tls1_2

Fixes runchecker failure of no-tls1_2 build.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14955)

---

Summary of changes:
 test/recipes/70-test_sslextension.t | 42 +++--
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/test/recipes/70-test_sslextension.t 
b/test/recipes/70-test_sslextension.t
index 451ffa671f..c1893b8f06 100644
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -194,15 +194,15 @@ $proxy->start() or plan skip_all => "Unable to start up 
Proxy for tests";
 plan tests => 8;
 ok($fatal_alert, "Duplicate ClientHello extension");
 
-$fatal_alert = 0;
-$proxy->clear();
-$proxy->filter(\_duplicate_extension_serverhello);
-$proxy->clientflags("-no_tls1_3");
-$proxy->start();
-ok($fatal_alert, "Duplicate ServerHello extension");
-
 SKIP: {
-skip "TLS <= 1.2 disabled", 2 if $no_below_tls13;
+skip "TLS <= 1.2 disabled", 4 if $no_below_tls13;
+
+$fatal_alert = 0;
+$proxy->clear();
+$proxy->filter(\_duplicate_extension_serverhello);
+$proxy->clientflags("-no_tls1_3");
+$proxy->start();
+ok($fatal_alert, "Duplicate ServerHello extension");
 
 #Test 3: Sending a zero length extension block should pass
 $proxy->clear();
@@ -220,11 +220,21 @@ SKIP: {
 $proxy->clientflags("-no_tls1_3 -noservername");
 $proxy->start();
 ok($fatal_alert, "Unsolicited server name extension");
+
+#Test 5: Send the cryptopro extension in a ClientHello. Normally this is an
+#unsolicited extension only ever seen in the ServerHello. We should
+#ignore it in a ClientHello
+$proxy->clear();
+$proxy->filter(\_cryptopro_extension);
+$proxy->clientflags("-no_tls1_3");
+$proxy->start();
+ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");
 }
+
 SKIP: {
 skip "TLS <= 1.2 disabled or EC disabled", 1
 if $no_below_tls13 || disabled("ec");
-#Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2)
+#Test 6: Inject a noncompliant supported_groups extension (<= TLSv1.2)
 $proxy->clear();
 $proxy->filter(\_unsolicited_extension);
 $testtype = NONCOMPLIANT_SUPPORTED_GROUPS;
@@ -236,9 +246,10 @@ SKIP: {
 SKIP: {
 skip "TLS <= 1.2 or CT disabled", 1
 if $no_below_tls13 || disabled("ct");
-#Test 6: Same as above for the SCT extension which has special handling
+#Test 7: Same as above for the SCT extension which has special handling
 $fatal_alert = 0;
 $proxy->clear();
+$proxy->filter(\_unsolicited_extension);
 $testtype = UNSOLICITED_SCT;
 $proxy->clientflags("-no_tls1_3");
 $proxy->start();
@@ -248,7 +259,7 @@ SKIP: {
 SKIP: {
 skip "TLS 1.3 disabled", 1
 if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
-#Test 7: Inject an unsolicited extension (TLSv1.3)
+#Test 8: Inject an unsolicited extension (TLSv1.3)
 $fatal_alert = 0;
 $proxy->clear();
 $proxy->filter(\_unsolicited_extension);
@@ -257,12 +268,3 @@ SKIP: {
 $proxy->start();
 ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
 }
-
-#Test 8: Send the cryptopro extension in a ClientHello. Normally this is an
-#unsolicited extension only ever seen in the ServerHello. We should
-#ignore it in a ClientHello
-$proxy->clear();
-$proxy->filter(\_cryptopro_extension);
-$proxy->clientflags("-no_tls1_3");
-$proxy->start();
-ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");

[openssl] master update

[tomas]

The branch master has been updated
   via  bf6aeeb481f97e2b7088f151546b9957eaaf44ef (commit)
  from  b5644c2a09d6fd1f44321d2e16bea43729d73114 (commit)


- Log -
commit bf6aeeb481f97e2b7088f151546b9957eaaf44ef
Author: Tomas Mraz 
Date:   Wed Apr 21 08:11:04 2021 +0200

http/http_lib.c: Include stdio.h for sscanf()

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14953)

---

Summary of changes:
 crypto/http/http_lib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index f0fc770f22..a8697cca33 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -7,11 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include/* for sscanf() */
+#include 
 #include 
 #include 
 #include  /* for BIO_snprintf() */
 #include 
-#include 
 #include "internal/cryptlib.h" /* for ossl_assert() */
 
 #include "http_local.h"

[openssl] master update

[tomas]

The branch master has been updated
   via  b5644c2a09d6fd1f44321d2e16bea43729d73114 (commit)
  from  309c6fbaceb907e5b596a158f0891f42e6694bc2 (commit)


- Log -
commit b5644c2a09d6fd1f44321d2e16bea43729d73114
Author: Wolf 
Date:   Tue Apr 20 14:08:59 2021 -0500

Force public key to be included unless explicitly excluded with -no_public

Send this before the CLA was accepted, amending to re-trigger check.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14947)

---

Summary of changes:
 apps/ec.c | 14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/apps/ec.c b/apps/ec.c
index 3d5371ccdc..5103838da0 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -211,10 +211,16 @@ int ec_main(int argc, char **argv)
 goto end;
 }
 
-if (no_public
-&& !EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 
0)) {
-BIO_printf(bio_err, "unable to disable public key encoding\n");
-goto end;
+if (no_public) {
+if (!EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 
0)) {
+BIO_printf(bio_err, "unable to disable public key encoding\n");
+goto end;
+}
+} else {
+if (!EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 
1)) {
+BIO_printf(bio_err, "unable to enable public key encoding\n");
+goto end;
+}
 }
 
 if (text) {

[openssl] master update

[tomas]

The branch master has been updated
   via  309c6fbaceb907e5b596a158f0891f42e6694bc2 (commit)
  from  1fac27050176f7ed00da5649266024265678f70c (commit)


- Log -
commit 309c6fbaceb907e5b596a158f0891f42e6694bc2
Author: Todd Short 
Date:   Mon Apr 12 15:51:59 2021 -0400

Add RUN_ONCE support to zlib init

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14940)

---

Summary of changes:
 crypto/comp/c_zlib.c| 91 ++---
 crypto/init.c   | 24 +---
 include/crypto/cryptlib.h   |  1 -
 include/openssl/crypto.h.in |  2 +-
 4 files changed, 48 insertions(+), 70 deletions(-)

diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 4d81b5f53e..a27bbeacb1 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -15,6 +15,7 @@
 #include 
 #include "crypto/cryptlib.h"
 #include "internal/bio.h"
+#include "internal/thread_once.h"
 #include "comp_local.h"
 
 COMP_METHOD *COMP_zlib(void);
@@ -102,7 +103,6 @@ static deflate_ft p_deflate = NULL;
 static deflateInit__ft p_deflateInit_ = NULL;
 static zError__ft p_zError = NULL;
 
-static int zlib_loaded = 0; /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
 #  define compressp_compress
@@ -204,61 +204,58 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, 
unsigned char *out,
 return olen - state->istream.avail_out;
 }
 
-#endif
-
-COMP_METHOD *COMP_zlib(void)
+static CRYPTO_ONCE zlib_once = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_comp_zlib_init)
 {
-COMP_METHOD *meth = _method_nozlib;
-
-#ifdef ZLIB_SHARED
+# ifdef ZLIB_SHARED
 /* LIBZ may be externally defined, and we should respect that value */
-# ifndef LIBZ
-#  if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-#   define LIBZ "ZLIB1"
-#  elif defined(OPENSSL_SYS_VMS)
-#   define LIBZ "LIBZ"
-#  else
-#   define LIBZ "z"
+#  ifndef LIBZ
+#   if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#define LIBZ "ZLIB1"
+#   elif defined(OPENSSL_SYS_VMS)
+#define LIBZ "LIBZ"
+#   else
+#define LIBZ "z"
+#   endif
 #  endif
-# endif
 
-if (!zlib_loaded) {
-zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
-if (zlib_dso != NULL) {
-p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
-p_inflateEnd
-= (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
-p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
-p_inflateInit_
-= (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
-p_deflateEnd
-= (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
-p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
-p_deflateInit_
-= (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
-p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
-
-if (p_compress && p_inflateEnd && p_inflate
-&& p_inflateInit_ && p_deflateEnd
-&& p_deflate && p_deflateInit_ && p_zError)
-zlib_loaded++;
-
-if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
-ossl_comp_zlib_cleanup();
-return meth;
-}
-if (zlib_loaded)
-meth = _stateful_method;
+zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
+if (zlib_dso != NULL) {
+p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+p_inflateEnd = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+p_inflateInit_ = (inflateInit__ft) DSO_bind_func(zlib_dso, 
"inflateInit_");
+p_deflateEnd = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, 
"deflateInit_");
+p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+if (p_compress == NULL || p_inflateEnd == NULL
+|| p_inflate == NULL || p_inflateInit_ == NULL
+|| p_deflateEnd == NULL || p_deflate == NULL
+|| p_deflateInit_ == NULL || p_zError == NULL) {
+ossl_comp_zlib_cleanup();
+return 0;
 }
 }
+# endif
+return 1;
+}
 #endif
-#if defined(ZLIB)
-meth = _stateful_method;
+
+COMP_METHOD *COMP_zlib(void)
+{
+COMP_METHOD *meth = _method_nozlib;
+
+#ifdef ZLIB
+if (RUN_ONCE(_once, ossl_comp_zlib_init))
+meth = _stateful_method;
 #endif
 
 return meth;
 }
 
+/* Also called from OPENSSL_cleanup() */
 void ossl_comp_zlib_cleanup(void)
 {
 #ifdef 

Build failed: openssl master.41676

[AppVeyor]

Build openssl master.41676 failed


Commit baf1ae55ed by Niclas Rosenvik on 4/20/2021 5:14 PM:

Some compilers define __STDC_VERSION__ in c++


Configure your notification preferences

[openssl] master update

[tomas]

The branch master has been updated
   via  1fac27050176f7ed00da5649266024265678f70c (commit)
   via  db6b1266ab30945de2d14fbc62e9c3c308cce897 (commit)
   via  59088414bc3b863a3dc287de76c53464bd7ff6fa (commit)
  from  6b2978406d050b910a889a33f7a0e14b1217976d (commit)


- Log -
commit 1fac27050176f7ed00da5649266024265678f70c
Author: Tomas Mraz 
Date:   Mon Apr 19 16:02:16 2021 +0200

Fix potential NULL dereference in OSSL_PARAM_get_utf8_string()

Fixes Coverity ID 1476283

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14928)

commit db6b1266ab30945de2d14fbc62e9c3c308cce897
Author: Tomas Mraz 
Date:   Mon Apr 19 15:50:35 2021 +0200

Fix potential NULL dereference in ossl_ec_key_dup()

Fixes Coverity ID 1476282

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14928)

commit 59088414bc3b863a3dc287de76c53464bd7ff6fa
Author: Tomas Mraz 
Date:   Mon Apr 19 15:34:59 2021 +0200

Removed dead code in linebuffer_ctrl()

Fixes Coverity CID 1476284

Also add possible number truncation check.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14928)

---

Summary of changes:
 crypto/bio/bf_lbuf.c   |  6 +++---
 crypto/ec/ec_backend.c | 12 ++--
 crypto/params.c|  4 +++-
 test/evp_extra_test2.c |  2 +-
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
index e9b946fe87..946ff0d23b 100644
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -232,12 +232,12 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, 
void *ptr)
 }
 break;
 case BIO_C_SET_BUFF_SIZE:
+if (num > INT_MAX)
+return 0;
 obs = (int)num;
 p = ctx->obuf;
 if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
-if (num <= 0)
-return 0;
-p = OPENSSL_malloc((size_t)num);
+p = OPENSSL_malloc((size_t)obs);
 if (p == NULL)
 goto malloc_error;
 }
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index e9843eb4ac..581c006fd0 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -532,17 +532,17 @@ int ossl_ec_key_is_foreign(const EC_KEY *ec)
 
 EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
 {
-EC_KEY *ret = ossl_ec_key_new_method_int(src->libctx, src->propq,
- src->engine);
-
-if (ret == NULL)
-return NULL;
+EC_KEY *ret;
 
 if (src == NULL) {
 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
-goto err;
+return NULL;
 }
 
+if ((ret = ossl_ec_key_new_method_int(src->libctx, src->propq,
+  src->engine)) == NULL)
+return NULL;
+
 /* copy the parameters */
 if (src->group != NULL
 && (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
diff --git a/crypto/params.c b/crypto/params.c
index 50e900a406..d9743633b0 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -1128,11 +1128,13 @@ int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, 
char **val, size_t max_len)
  */
 size_t data_length = p->data_size;
 
+if (ret == 0)
+return 0;
 if (data_length >= max_len)
 data_length = OPENSSL_strnlen(p->data, data_length);
 if (data_length >= max_len)
 return 0;/* No space for a terminating NUL byte */
-((char *)*val)[data_length] = '\0';
+(*val)[data_length] = '\0';
 
 return ret;
 }
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index 358ac6053a..6d5303ab9d 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -566,7 +566,7 @@ static int do_check_utf8_str(OSSL_PARAM params[], const 
char *key,
  const char *expected)
 {
 OSSL_PARAM *p;
-char *bufp = 0;
+char *bufp = NULL;
 int ret;
 
 ret = TEST_ptr(p = OSSL_PARAM_locate(params, key))

[openssl] master update

[beldmit]

The branch master has been updated
   via  fc5245a92e96b8bf5f6618b27ad9ca4830bbd96c (commit)
  from  ed82976b43934789b5afa0641236d881b1aedd0e (commit)


- Log -
commit fc5245a92e96b8bf5f6618b27ad9ca4830bbd96c
Author: Hubert Kario 
Date:   Wed Apr 21 14:27:31 2021 +0200

add Changelog item for TLS1.3 FFDHE work

Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc98eb89,
8e63900a71df38ff, dfa1f5476e86f3 in 2019, reflect this in the changelog.

Reviewed-by: Paul Dale 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/14972)

---

Summary of changes:
 CHANGES.md | 4 
 1 file changed, 4 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 9b4a122e6c..d2d9e01f35 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1718,6 +1718,10 @@ OpenSSL 3.0
 
*Randall S. Becker*
 
+ * Added support for FFDHE key exchange in TLS 1.3.
+
+   *Raja Ashok*
+
 OpenSSL 1.1.1
 -
 

[openssl] master update

[beldmit]

The branch master has been updated
   via  6b2978406d050b910a889a33f7a0e14b1217976d (commit)
  from  fc5245a92e96b8bf5f6618b27ad9ca4830bbd96c (commit)


- Log -
commit 6b2978406d050b910a889a33f7a0e14b1217976d
Author: Prcuvu 
Date:   Sat Mar 14 03:59:11 2020 +

e_os.h: Include wspiapi.h to improve Windows backward compatibility

CLA: trivial

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/14550)

---

Summary of changes:
 e_os.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e_os.h b/e_os.h
index d8bf78c094..b19c4829de 100644
--- a/e_os.h
+++ b/e_os.h
@@ -108,6 +108,7 @@
 */
 #include 
 #include 
+#include 
/* yes, they have to be #included prior to  */
 #   endif
 #   include 

[openssl] openssl-3.0.0-alpha15 create

[Matt Caswell]

The annotated tag openssl-3.0.0-alpha15 has been created
at  a09d1cc08fe83d3793e55c5263261e0d0cede43d (tag)
   tagging  b07412ef80ebbcdb8ce2c9fbf714802288fc7ee4 (commit)
  replaces  openssl-3.0.0-alpha14
 tagged by  Matt Caswell
on  Thu Apr 22 14:44:13 2021 +0100

- Log -
OpenSSL 3.0.0-alpha15 release tag
-BEGIN PGP SIGNATURE-

iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCBfa0RHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGvTgf/fiHGPg+E4//YprhoG2EQlKNV7shbMEDl
vYbGn6upUSXfdnhc5Hgla7rw5OSq9DprNiUt3w6SWvmzOrND8m/f+rGj4ii5G/md
GOp5Fj1avenFe1pSoXiObcLHI9BcVR1XR0zvLEh8u07ObpbSvu9s8DnJmQ3Io5v0
nMwUx3nhuEiZyKdeQ1zXJ/t5zv7piIvNISAfudlso5zY3ETCNvecPEfEwDcEzPlK
GTati1KhX3XBgLuYkX3dR9PDCDLqiHCoLHLVe9B6fH6RVma9pEbiecVx4MOCfG+y
XmGhyuJFxww1wOpmJ1fcsJph06UTLDz0zbRrlMehdoSybnvwXgzucA==
=VmOl
-END PGP SIGNATURE-

Armin Fuerst (1):
  apps: fix warning about size_t / int conversion

Christian Heimes (1):
  Inherit hostflags verify params even without hosts

Dave Coombs (1):
  crl2pkcs7 shouldn't include empty optional sets

Dr. David von Oheimb (20):
  PEM_X509_INFO_read,{_bio}_ex(): Complete documentation in 
PEM_X509_INFO_read_bio_ex.pod
  d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of 
RSA/DSA/EC private key
  PEM_X509_INFO_read_bio_ex(): Generalize to allow parsing any type of 
private key
  d2i_PrivateKey_decoder(): Fix premature exit on unsuccessful 
OSSL_DECODER_CTX_new_for_pkey()
  APPS: make apps strict on app_RAND_load() and app_RAND_write() failure
  APPS and TEST: Make sure prog name is set for usage output
  cmp_util.c: Fix OSSL_CMP_log_open() in case OPENSSL_NO_TRACE
  openssl-cmp.pod.in: Fix missing provider options description
  apps/cmp: Add generic random state options, e.g., for nonce generation
  80-test_cmp_http.t: Fix resumption when skipping after mock server launch 
failed
  80-test_cmp_http.t: Silence check for availability of 'kill' and 'lsof' 
commands
  80-test_cmp_http.t: Extend diagnostics of mock server launch
  OSSL_CMP_CTX_new(): Fix distinction of out-of-memory and other errors
  apps/cmp.c: Fix TLS hostname checking in case -server provides more than 
hostname
  PKCS12 etc.: Add hints on using -legacy and -provider-path options
  Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
  apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
  DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
  tasn_dec.c: Add checks for it == NULL arguments; improve coding style
  ASN.1: Add some sanity checks for input len <= 0; related coding 
improvements

Dr. Matthias St. Pierre (1):
  util/wrap.pl: use the apps/openssl.cnf from the source tree

FdaSilvaYY (2):
  nits: fix a few typo in template code
  crypto: raise error on malloc failure clean a few style nits.

Jakub Wilk (1):
  doc: Fix formatting

Juergen Christ (1):
  Fix compile errors on s390.

Matt Caswell (17):
  Prepare for 3.0 alpha 15
  Only enable KTLS if it is explicitly configured
  Update KTLS documentation
  Remove the function EVP_PKEY_set_alias_type
  Remove a TODO(3.0) from X509_PUBKEY_set
  Store some FIPS global variables in the FIPS_GLOBAL structure
  Sanity check provider up-calls
  Change the default MANSUFFIX
  Fix some TODO(3.0) occurrences in ssl/t1_lib.c
  Don't worry about magic in the Makefile for 3.0
  Remove a TODO(3.0) from keymgmt_lib.c
  Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling
  Add the function OSSL_LIB_CTX_get0_global_default()
  Add a test for OSSL_LIB_CTX_set0_default
  Avoid the need for Configure time 128-bit int detection
  Update copyright year
  Prepare for release of 3.0 alpha 15

MichaM (1):
  Fix typos

Nan Xiao (4):
  Fix typo in statem_clnt.c
  Fix typos in x509.pod
  demos: Add clean target for bio/Makefile
  Fix typo in aesccm.c

Nicola Tuveri (1):
  Add missing argname for keymgmt_gettable_params and 
keymgmt_settable_params prototypes

Pauli (26):
  apps: fix Camellia CBC performance loop
  Add additional KMAC error
  kmac: add long customisation string example
  kmac: fix customistation string overflow bug
  kmac: update the documention for the customisation string maximum length
  Note deprecated function/macros with no replacement.
  bio: add a malloc failed error to BIO_print
  bio: note that BIO_sprintf null terminates on insufficient space.
  bio_printf: add \0 terminators for error returns in floating point 
conversions.
  changes: note that some ctrl calls have a different error return.
  SipHash: Fix CTRL API for the digest size.
  lifecycle: correct [sg]ettable to [sg]et
  lifecycle: update master lifecycle transition spreadsheet fixing the 
ettable issue

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  ed82976b43934789b5afa0641236d881b1aedd0e (commit)
   via  b07412ef80ebbcdb8ce2c9fbf714802288fc7ee4 (commit)
  from  f5afac4bdac31a52f1577a8d158559f0a4f7bed7 (commit)


- Log -
commit ed82976b43934789b5afa0641236d881b1aedd0e
Author: Matt Caswell 
Date:   Thu Apr 22 14:44:22 2021 +0100

Prepare for 3.0 alpha 16

Reviewed-by: Tomas Mraz 

commit b07412ef80ebbcdb8ce2c9fbf714802288fc7ee4
Author: Matt Caswell 
Date:   Thu Apr 22 14:44:12 2021 +0100

Prepare for release of 3.0 alpha 15

Reviewed-by: Tomas Mraz 

---

Summary of changes:
 VERSION.dat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.dat b/VERSION.dat
index 8a36d47d64..2e16aa375b 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
 PATCH=0
-PRE_RELEASE_TAG=alpha15-dev
+PRE_RELEASE_TAG=alpha16-dev
 BUILD_METADATA=
 RELEASE_DATE=""
 SHLIB_VERSION=3

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  f5afac4bdac31a52f1577a8d158559f0a4f7bed7 (commit)
  from  d97f08706314a0b7e8ea5f2be6bceccd39e1dfd4 (commit)


- Log -
commit f5afac4bdac31a52f1577a8d158559f0a4f7bed7
Author: Matt Caswell 
Date:   Thu Apr 22 14:38:44 2021 +0100

Update copyright year

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/14986)

---

Summary of changes:
 apps/crl2p7.c   | 2 +-
 apps/lib/app_x509.c | 2 +-
 crypto/asn1/a_d2i_fp.c  | 2 +-
 crypto/asn1/a_dup.c | 2 +-
 crypto/asn1/ameth_lib.c | 2 +-
 crypto/asn1/bio_asn1.c  | 2 +-
 crypto/asn1/p5_pbe.c| 2 +-
 crypto/asn1/p5_pbev2.c  | 2 +-
 crypto/asn1/p5_scrypt.c | 2 +-
 crypto/bio/b_print.c| 2 +-
 crypto/bio/bf_buff.c| 2 +-
 crypto/bio/bf_lbuf.c| 2 +-
 crypto/bio/bss_file.c   | 2 +-
 crypto/bio/bss_log.c| 2 +-
 crypto/bn/bn_gf2m.c | 2 +-
 crypto/bn/bn_mod.c  | 2 +-
 crypto/cmac/cmac.c  | 2 +-
 crypto/crmf/crmf_lib.c  | 2 +-
 crypto/dsa/dsa_depr.c   | 2 +-
 crypto/evp/bio_md.c | 2 +-
 crypto/evp/bio_ok.c | 2 +-
 crypto/evp/cmeth_lib.c  | 2 +-
 crypto/evp/e_aes_cbc_hmac_sha1.c| 2 +-
 crypto/evp/e_aes_cbc_hmac_sha256.c  | 2 +-
 crypto/evp/e_chacha20_poly1305.c| 2 +-
 crypto/evp/e_null.c | 2 +-
 crypto/evp/e_rc2.c  | 2 +-
 crypto/evp/e_xcbc_d.c   | 2 +-
 crypto/evp/legacy_md2.c | 2 +-
 crypto/evp/legacy_md4.c | 2 +-
 crypto/evp/legacy_md5.c | 2 +-
 crypto/evp/legacy_md5_sha1.c| 2 +-
 crypto/evp/legacy_mdc2.c| 2 +-
 crypto/evp/legacy_ripemd.c  | 2 +-
 crypto/evp/legacy_sha.c | 2 +-
 crypto/evp/legacy_wp.c  | 2 +-
 crypto/evp/m_null.c | 2 +-
 crypto/evp/p_sign.c | 2 +-
 crypto/evp/p_verify.c   | 2 +-
 crypto/ocsp/ocsp_lib.c  | 2 +-
 crypto/pkcs12/p12_utl.c | 2 +-
 crypto/x509/x509spki.c  | 2 +-
 crypto/x509/x_name.c| 2 +-
 demos/evp/aesccm.c  | 2 +-
 doc/internal/man3/ossl_cmp_msg_protect.pod  | 2 +-
 doc/man3/BIO_printf.pod | 2 +-
 doc/man3/OSSL_LIB_CTX.pod   | 2 +-
 doc/man3/PEM_X509_INFO_read_bio_ex.pod  | 2 +-
 doc/man3/SSL_CONF_cmd.pod   | 2 +-
 doc/man3/SSL_CTX_set_mode.pod   | 2 +-
 doc/man3/SSL_CTX_set_options.pod| 2 +-
 doc/man3/d2i_PrivateKey.pod | 2 +-
 doc/man7/EVP_PKEY-DH.pod| 2 +-
 doc/man7/EVP_PKEY-DSA.pod   | 2 +-
 doc/man7/OSSL_PROVIDER-FIPS.pod | 2 +-
 doc/man7/x509.pod   | 2 +-
 ms/applink.c| 2 +-
 ms/uplink.c | 2 +-
 providers/common/provider_seeding.c | 2 +-
 providers/legacyprov.c  | 2 +-
 ssl/record/rec_layer_s3.c   | 2 +-
 ssl/statem/statem_dtls.c| 2 +-
 test/conf_include_test.c| 2 +-
 test/context_internal_test.c| 2 +-
 test/evp_fetch_prov_test.c  | 2 +-
 test/recipes/30-test_evp_data/evppkey_ecdh.txt  | 2 +-
 test/recipes/60-test_x509_check_cert_pkey.t | 2 +-
 test/recipes/95-test_external_krb5_data/krb5.sh | 2 +-
 test/testutil/apps_mem.c| 2 +-
 test/x509_check_cert_pkey_test.c| 2 +-
 util/add-depends.pl | 2 +-
 util/mkdef.pl   | 2 +-
 72 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 565384944e..42c18555bb 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  

Build completed: openssl master.41674

[AppVeyor]

Build openssl master.41674 completed



Commit 1e6e7e81fe by Prcuvu on 3/14/2020 3:59 AM:

e_os.h: Include wspiapi.h to improve Windows backward compatibility


Configure your notification preferences

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  d97f08706314a0b7e8ea5f2be6bceccd39e1dfd4 (commit)
  from  cd28d129b6a5b84ac40b4a3f8060a6f764aa02b4 (commit)


- Log -
commit d97f08706314a0b7e8ea5f2be6bceccd39e1dfd4
Author: Tomas Mraz 
Date:   Thu Apr 22 14:12:45 2021 +0200

Fix build failure with MSVC

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/14983)

---

Summary of changes:
 crypto/ec/curve448/arch_32/f_impl32.c | 1 +
 crypto/ec/curve448/arch_64/f_impl64.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crypto/ec/curve448/arch_32/f_impl32.c 
b/crypto/ec/curve448/arch_32/f_impl32.c
index 812c06d84a..507b185f64 100644
--- a/crypto/ec/curve448/arch_32/f_impl32.c
+++ b/crypto/ec/curve448/arch_32/f_impl32.c
@@ -10,6 +10,7 @@
  * Originally written by Mike Hamburg
  */
 
+#include "e_os.h"
 #include "openssl/macros.h"
 #include "internal/numbers.h"
 
diff --git a/crypto/ec/curve448/arch_64/f_impl64.c 
b/crypto/ec/curve448/arch_64/f_impl64.c
index bdafc0de92..764d911dfb 100644
--- a/crypto/ec/curve448/arch_64/f_impl64.c
+++ b/crypto/ec/curve448/arch_64/f_impl64.c
@@ -10,6 +10,7 @@
  * Originally written by Mike Hamburg
  */
 
+#include "e_os.h"
 #include "openssl/macros.h"
 #include "internal/numbers.h"
 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

3e73111d13 ASN.1: Add some sanity checks for input len <= 0; related coding 
improvements
db76a35e26 tasn_dec.c: Add checks for it == NULL arguments; improve coding style
c0e724fcbe DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
5c42f7aa64 Use build.info not file-wide ifndef
1fbf7079e7 STORE: Discard the error report filter in crypto/store/store_result.c
7aef200089 TEST: Adapt the EVP test
9cc97ddf3c Adapt our decoder implementations to the new way to indicate succes 
/ failure
f99659535d ENCODER & DECODER: Allow decoder implementations to specify "carry 
on"
a2502862f6 Fix memory leak in X509_REQ
4e030ed45d apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
2ec6491669 asn1: fix indentation
c4685815bf dsa: remove unused macro
42e7d043f0 srp: remove references to EVP_sha1()
3f700d4b95 pem: remove references to EVP_sha1()
e27fea4640 ocsp: remove references to EVP_sha1()
27344bb82a cms: remove most references to EVP_sha1()
192d500878 x509: remove most references to EVP_sha1()
6bcbc36985 test: fix double free problems.
efe8d69daa engine: fix double free on error path.
db78c84eb2 ts: fix double free on error path.
b06450bcf7 srp: fix double free,
4ecb19d109 params_dup: fix off by one error that allows array overreach.
1c0eede982 Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
a78c7c0bfe Flip ordering back
99adfa455c Fetch before get-by-name
606a417fb2 Fetch and free cipher and md's
c39352e4e4 Fix compile errors on s390.
72f649e061 Remove extra trailing semicolon
cd0aca5320 Update krb5 module to latest release
16b8862d80 PKCS12 etc.: Add hints on using -legacy and -provider-path options
ee203a87ff Add a test for OSSL_LIB_CTX_set0_default
978e323a4d Add the function OSSL_LIB_CTX_get0_global_default()
92b20fb8f7 Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling
145a4c871d Remove a TODO(3.0) from keymgmt_lib.c
21d1994faf Don't worry about magic in the Makefile for 3.0
57e7401fc5 Fix some TODO(3.0) occurrences in ssl/t1_lib.c
b247113c05 Detect low-level engine and app method based keys
5ae52001e1 Remove crypt32.lib from C++Builder configuration
daf98015aa Link with uplink module
491a1e3363 Link with .def files
16f2a44435 Generate dependency information
96d4ec6724 Avoid more MSVC-specific C runtime library functions
6afb36342d Build resource files
5fee3fe276 Support DLL builds + Fix C RTL variants
c4f4cb14e3 Ensure cw32mt.lib and import32.lib are linked to in no-sock mode
55aa235e85 Document C++Builder usage in NOTES-WINDOWS.md
d5a6b54b49 Replace "ld_wildcard_args" with "bin_lflags"
847f41d97c Add explanation + bugtracker link for quoted dependency workarounds
583a9f1f6b Use cmd.exe to export env vars before commands
f1ee757daa Resurrect and modernize C++Builder config
a8368d573e Avoid redirection to quoted filename
a75a87561b Generalize link rule in windows-makefile.tmpl
830cd025b1 Ensure at least one command if no dependencies
8557bdde48 Avoid quoting dependency filepaths in build tree
e15eff3aaa Generalize delimiter in archiver response file
118faf5ffe Avoid space between "-I" and include directory
23f3242ffe Move VS Tools configuration to VC-common target
1bb381227b Avoid "&&" in windows-makefile.tmpl
a4afa6c1d0 Add test for the IV handling of DES based ciphers
d6c6f6c51d Do IV reset also for DES and 3DES implementations
ae6f65ae08 Change the default MANSUFFIX
185e1aa226 Add DHX FIPS 186-4 domain parameter validation example

Build log ended with (last 100 lines):

70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=381362880-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t 

Build failed: openssl master.41673

[AppVeyor]

Build openssl master.41673 failed


Commit 6d7d292fbc by Tomas Mraz on 4/20/2021 4:16 PM:

fixup! Trivial shortcuts for EVP_PKEY_eq()


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

3e73111d13 ASN.1: Add some sanity checks for input len <= 0; related coding 
improvements
db76a35e26 tasn_dec.c: Add checks for it == NULL arguments; improve coding style
c0e724fcbe DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
5c42f7aa64 Use build.info not file-wide ifndef
1fbf7079e7 STORE: Discard the error report filter in crypto/store/store_result.c
7aef200089 TEST: Adapt the EVP test
9cc97ddf3c Adapt our decoder implementations to the new way to indicate succes 
/ failure
f99659535d ENCODER & DECODER: Allow decoder implementations to specify "carry 
on"
a2502862f6 Fix memory leak in X509_REQ
4e030ed45d apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
2ec6491669 asn1: fix indentation
c4685815bf dsa: remove unused macro
42e7d043f0 srp: remove references to EVP_sha1()
3f700d4b95 pem: remove references to EVP_sha1()
e27fea4640 ocsp: remove references to EVP_sha1()
27344bb82a cms: remove most references to EVP_sha1()
192d500878 x509: remove most references to EVP_sha1()
6bcbc36985 test: fix double free problems.
efe8d69daa engine: fix double free on error path.
db78c84eb2 ts: fix double free on error path.
b06450bcf7 srp: fix double free,
4ecb19d109 params_dup: fix off by one error that allows array overreach.
1c0eede982 Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
a78c7c0bfe Flip ordering back
99adfa455c Fetch before get-by-name
606a417fb2 Fetch and free cipher and md's
c39352e4e4 Fix compile errors on s390.
72f649e061 Remove extra trailing semicolon
cd0aca5320 Update krb5 module to latest release
16b8862d80 PKCS12 etc.: Add hints on using -legacy and -provider-path options
ee203a87ff Add a test for OSSL_LIB_CTX_set0_default
978e323a4d Add the function OSSL_LIB_CTX_get0_global_default()
92b20fb8f7 Change the semantics of OSSL_LIB_CTX_set0_default() NULL handling
145a4c871d Remove a TODO(3.0) from keymgmt_lib.c
21d1994faf Don't worry about magic in the Makefile for 3.0
57e7401fc5 Fix some TODO(3.0) occurrences in ssl/t1_lib.c
b247113c05 Detect low-level engine and app method based keys
5ae52001e1 Remove crypt32.lib from C++Builder configuration
daf98015aa Link with uplink module
491a1e3363 Link with .def files
16f2a44435 Generate dependency information
96d4ec6724 Avoid more MSVC-specific C runtime library functions
6afb36342d Build resource files
5fee3fe276 Support DLL builds + Fix C RTL variants
c4f4cb14e3 Ensure cw32mt.lib and import32.lib are linked to in no-sock mode
55aa235e85 Document C++Builder usage in NOTES-WINDOWS.md
d5a6b54b49 Replace "ld_wildcard_args" with "bin_lflags"
847f41d97c Add explanation + bugtracker link for quoted dependency workarounds
583a9f1f6b Use cmd.exe to export env vars before commands
f1ee757daa Resurrect and modernize C++Builder config
a8368d573e Avoid redirection to quoted filename
a75a87561b Generalize link rule in windows-makefile.tmpl
830cd025b1 Ensure at least one command if no dependencies
8557bdde48 Avoid quoting dependency filepaths in build tree
e15eff3aaa Generalize delimiter in archiver response file
118faf5ffe Avoid space between "-I" and include directory
23f3242ffe Move VS Tools configuration to VC-common target
1bb381227b Avoid "&&" in windows-makefile.tmpl
a4afa6c1d0 Add test for the IV handling of DES based ciphers
d6c6f6c51d Do IV reset also for DES and 3DES implementations
ae6f65ae08 Change the default MANSUFFIX
185e1aa226 Add DHX FIPS 186-4 domain parameter validation example

Build log ended with (last 100 lines):

70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 
Killing mock server with pid=348215480-test_cmp_http.t . ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t 

[openssl] master update

[Matt Caswell]

The branch master has been updated
   via  cd28d129b6a5b84ac40b4a3f8060a6f764aa02b4 (commit)
  from  af9fb19a476911bf7ceabcf3b21923dd5bbd9ac6 (commit)


- Log -
commit cd28d129b6a5b84ac40b4a3f8060a6f764aa02b4
Author: Matt Caswell 
Date:   Mon Apr 19 17:31:28 2021 +0100

Avoid the need for Configure time 128-bit int detection

We just detect this at compile time instead.

This avoids cross-compilation problems where the host platform supports
128-bit ints, but the target platform does not (or vice versa). This was
causing a problem on some platforms where, dependent on the CFLAGS, 128 bit
ints were either supported or not.

Fixes #14804

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/14941)

---

Summary of changes:
 Configure   | 14 --
 crypto/ec/build.info|  9 ++---
 crypto/ec/curve448/arch_32/{f_impl.c => f_impl32.c} | 11 ++-
 crypto/ec/curve448/arch_64/{f_impl.c => f_impl64.c} | 11 ++-
 4 files changed, 22 insertions(+), 23 deletions(-)
 rename crypto/ec/curve448/arch_32/{f_impl.c => f_impl32.c} (92%)
 rename crypto/ec/curve448/arch_64/{f_impl.c => f_impl64.c} (96%)

diff --git a/Configure b/Configure
index 76c27bacb8..613b48e7d9 100755
--- a/Configure
+++ b/Configure
@@ -1573,20 +1573,6 @@ if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O 
ne 'VMS') {
 }
 }
 
-# Check if __SIZEOF_INT128__ is defined by compiler
-$config{use_int128} = 0;
-{
-my $cc = $config{CROSS_COMPILE}.$config{CC};
-open(PIPE, "$cc -E -dM - &1 |");
-while() {
-if (m/__SIZEOF_INT128__/) {
-$config{use_int128} = 1;
-last;
-}
-}
-close(PIPE);
-}
-
 # Deal with bn_ops ###
 
 $config{bn_ll}  =0;
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index e4c8cf6d82..ed256981c7 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -50,13 +50,8 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c 
ec_mult.c \
 ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
 curve448/f_generic.c curve448/scalar.c \
 curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
-$ECASM ec_backend.c ecx_backend.c ecdh_kdf.c
-
-IF[{- $config{'use_int128'} eq "1" -}]
-  $COMMON=$COMMON curve448/arch_64/f_impl.c
-ELSE
-  $COMMON=$COMMON curve448/arch_32/f_impl.c
-ENDIF
+$ECASM ec_backend.c ecx_backend.c ecdh_kdf.c 
curve448/arch_64/f_impl64.c \
+curve448/arch_32/f_impl32.c
 
 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
   $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
diff --git a/crypto/ec/curve448/arch_32/f_impl.c 
b/crypto/ec/curve448/arch_32/f_impl32.c
similarity index 92%
rename from crypto/ec/curve448/arch_32/f_impl.c
rename to crypto/ec/curve448/arch_32/f_impl32.c
index 2e9419b66d..812c06d84a 100644
--- a/crypto/ec/curve448/arch_32/f_impl.c
+++ b/crypto/ec/curve448/arch_32/f_impl32.c
@@ -10,7 +10,15 @@
  * Originally written by Mike Hamburg
  */
 
-#include "../field.h"
+#include "openssl/macros.h"
+#include "internal/numbers.h"
+
+#ifdef UINT128_MAX
+/* We have support for 128 bit ints, so do nothing here */
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "../field.h"
 
 void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
 {
@@ -93,3 +101,4 @@ void gf_sqr(gf_s * RESTRICT cs, const gf as)
 {
 gf_mul(cs, as, as); /* Performs better with a dedicated square */
 }
+#endif
diff --git a/crypto/ec/curve448/arch_64/f_impl.c 
b/crypto/ec/curve448/arch_64/f_impl64.c
similarity index 96%
rename from crypto/ec/curve448/arch_64/f_impl.c
rename to crypto/ec/curve448/arch_64/f_impl64.c
index 035355cf04..bdafc0de92 100644
--- a/crypto/ec/curve448/arch_64/f_impl.c
+++ b/crypto/ec/curve448/arch_64/f_impl64.c
@@ -10,7 +10,15 @@
  * Originally written by Mike Hamburg
  */
 
-#include "../field.h"
+#include "openssl/macros.h"
+#include "internal/numbers.h"
+
+#ifndef UINT128_MAX
+/* No support for 128 bit ints, so do nothing here */
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "../field.h"
 
 void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
 {
@@ -198,3 +206,4 @@ void gf_sqr(gf_s * RESTRICT cs, const gf as)
 c[4] += ((uint64_t)(accum0)) + ((uint64_t)(accum1));
 c[0] += ((uint64_t)(accum1));
 }
+#endif