[tools] master update
The branch master has been updated via e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit) from fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit) - Log - commit e771ebd4a0e349d929dc2e6f7ad2af48978e772d Author: Pauli Date: Tue May 4 18:14:32 2021 +1000 run-checker: disable debug flag for builds It is more representative of reality. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/tools/pull/86) --- Summary of changes: run-checker/run-checker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index b59283c..dbb3da5 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -132,7 +132,7 @@ if run-hook prepare; then else builddir="$(echo $opt | sed -e 's|[ /]|_|g')" fi -if run-hook start "$builddir" "$opt" -d $warnopts $expandedopts; then +if run-hook start "$builddir" "$opt" $warnopts $expandedopts; then if ( set -e @@ -143,7 +143,7 @@ if run-hook prepare; then echo "Building with '$opt'" log-eval \ -CC=$optcc ../openssl/config -d $warnopts $expandedopts \ +CC=$optcc ../openssl/config $warnopts $expandedopts \ >build.log 2>&1 || \ exit $?
[openssl] master update
The branch master has been updated via 029875dc5ba28f18e3067c883fb53c9ae91d6954 (commit) from 355e1f041cde9f1b5e362f834cf4538204f53586 (commit) - Log - commit 029875dc5ba28f18e3067c883fb53c9ae91d6954 Author: Tomas Mraz Date: Mon May 3 15:45:31 2021 +0200 Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 The maximum (theoretical) block size of SHA3 is 200 bytes. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15125) --- Summary of changes: include/openssl/hmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index c5b4e670ac..c954b3767d 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -21,7 +21,7 @@ # include # ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HMAC_MAX_MD_CBLOCK 128/* Deprecated */ +# define HMAC_MAX_MD_CBLOCK 200/* Deprecated */ # endif # ifdef __cplusplus
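Review bot: The new value 200 in `HMAC_MAX_MD_CBLOCK` is a magic number whose origin is recorded only in the commit message. A comment at the define would keep it from being lowered again, e.g. `/* 200 = largest (theoretical) SHA-3 block size in bytes; Deprecated */`. The macro sits inside `# ifndef OPENSSL_NO_DEPRECATED_3_0`, so it is worth confirming that no internal HMAC block buffer is still sized from a separate 128-byte constant; an undersized buffer with a SHA-3 digest would be an overflow. That cannot be checked from this hunk.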
[openssl] master update
The branch master has been updated via 355e1f041cde9f1b5e362f834cf4538204f53586 (commit) from 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit) - Log - commit 355e1f041cde9f1b5e362f834cf4538204f53586 Author: Richard Levitte Date: Wed Apr 28 18:08:00 2021 +0200 DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs Fixes #11165 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15073) --- Summary of changes: doc/man3/OSSL_PARAM.pod | 6 ++ 1 file changed, 6 insertions(+) diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 593bb21ef1..98d75c9fa2 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -71,6 +71,12 @@ is NULL. The usual full terminating template is: This can also be specified using L. +=head2 Functional support + +Libcrypto offers a limited set of helper functions to handle +B items and arrays, please see L. +Developers are free to extend or replace those as they see fit. + =head2 B fields =over 4
[openssl] master update
The branch master has been updated via 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit) from 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit) - Log - commit 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 Author: Dr. David von Oheimb Date: Fri Apr 30 18:36:00 2021 +0200 HTTP client: Correct the use of optional proxy URL and its documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15104) --- Summary of changes: crypto/http/http_client.c | 34 ++ crypto/http/http_lib.c | 19 ++- doc/man1/openssl-cmp.pod.in | 36 +++- doc/man3/OSSL_HTTP_transfer.pod | 9 + 4 files changed, 48 insertions(+), 50 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 9c2b593a2d..bf2e3b54c7 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -693,10 +693,11 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, const char *server_port /* explicit server port */, - const char *proxy /* optionally includes ":port" */) + int use_ssl, + const char *proxy /* optionally includes ":port" */, + const char *proxy_port /* explicit proxy port */) { -const char *host = server, *host_end; -char host_name[100]; +const char *host = server; const char *port = server_port; BIO *cbio; 
@@ -705,20 +706,11 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, if (proxy != NULL) { host = proxy; -port = NULL; +port = proxy_port; } -host_end = strchr(host, '/'); -if (host_end != NULL) { -size_t host_len = host_end - host; - -if (host_len < sizeof(host_name)) { -/* chop trailing string starting with '/' */ -strncpy(host_name, host, host_len); -host_name[host_len] = '\0'; -host = host_name; -} -} +if (port == NULL && strchr(host, ':') == NULL) +port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; cbio = BIO_new_connect(host /* optionally includes ":port" */); if (cbio == NULL) @@ -854,6 +846,8 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, cbio = bio; } else { #ifndef OPENSSL_NO_SOCK +char *proxy_host = NULL, *proxy_port = NULL; + if (server == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; @@ -863,7 +857,15 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, if (port == NULL && strchr(server, ':') == NULL) port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl); -if ((cbio = HTTP_new_bio(server, port, proxy)) == NULL) +if (proxy != NULL +&& !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, +_host, _port, NULL /* num */, +NULL /* path */, NULL, NULL)) +return NULL; +cbio = HTTP_new_bio(server, port, use_ssl, proxy_host, proxy_port); +OPENSSL_free(proxy_host); +OPENSSL_free(proxy_port); +if (cbio == NULL) return NULL; #else ERR_raise(ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED); diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index a8697cca33..2aa0736ac5 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c 
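Review bot: The default-port test added to HTTP_new_bio(), `if (port == NULL && strchr(host, ':') == NULL)`, treats any colon in `host` as an embedded port, so a bare IPv6 literal used as server or proxy host would get no default port. It also repeats the check that OSSL_HTTP_transfer() already performs on `server` before the call, visible as context in the last hunk. If the parsed `proxy_host` can be an IPv6 address, it may be safer to decide from the last colon outside brackets, or to rely on OSSL_HTTP_parse_url() always supplying the port. In the OSSL_HTTP_transfer() hunk the proxy URL's scheme is discarded (`NULL /* use_ssl */`), so any fallback port for the proxy follows the target's `use_ssl` rather than the proxy's own scheme; a comment stating that this is intended would help. Both function bodies continue outside these hunks.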
@@ -113,7 +113,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, /* remaining port spec handling is also done for the default values */ /* make sure a decimal port number is given */ if (!sscanf(port, "%u", ) || portnum > 65535) { -ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER); +ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); goto err; } for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++) @@ -240,6 +240,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, return 0; } +/* Respect no_proxy, taking default value from environment variable(s) */ int ossl_http_use_proxy(const char *no_proxy, const char *server) { size_t sl; @@ -257,6 +258,7 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server) no_proxy = getenv("no_proxy"); if (no_proxy == NULL) no_proxy =
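Review bot: The `port` string passed to `ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port)` has not yet been cut at the end of the digits, because the `port_end` scan comes after this check. The error data can therefore carry whatever follows the port position in the URL, presumably including path and query. URLs sometimes embed tokens there and the error queue often ends up in logs, so bounding the output (for example `"%.32s"`) or raising the error once `port_end` is known would limit what is recorded. Using the literal `"%s"` format instead of passing `port` as the format string is correct. OSSL_parse_url() starts and ends outside the hunk, so how `port` was derived is not visible here.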
[openssl] master update
The branch master has been updated via 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit) from 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit) - Log - commit 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f Author: Dr. David von Oheimb Date: Sat May 1 22:19:54 2021 +0200 testutil/load.c: Add checks for file(name) == NULL Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15120) --- Summary of changes: test/testutil/load.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/test/testutil/load.c b/test/testutil/load.c index 9b188eb8a6..444fb8a78d 100644 --- a/test/testutil/load.c +++ b/test/testutil/load.c @@ -20,7 +20,7 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx) X509 *cert = NULL; BIO *bio = NULL; -if (!TEST_ptr(bio = BIO_new(BIO_s_file( +if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file( return NULL; if (TEST_int_gt(BIO_read_filename(bio, file), 0) && TEST_ptr(cert = X509_new_ex(libctx, NULL))) @@ -30,17 +30,14 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx) return cert; } -STACK_OF(X509) *load_certs_pem(const char *filename) +STACK_OF(X509) *load_certs_pem(const char *file) { STACK_OF(X509) *certs; BIO *bio; X509 *x; -bio = BIO_new_file(filename, "r"); - -if (bio == NULL) { +if (!TEST_ptr(file) || (bio = BIO_new_file(file, "r")) == NULL) return NULL; -} certs = sk_X509_new_null(); if (certs == NULL) { @@ -74,7 +71,7 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx) EVP_PKEY *key = NULL; BIO *bio = NULL; -if (!TEST_ptr(bio = BIO_new(BIO_s_file( +if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file( return NULL; if (TEST_int_gt(BIO_read_filename(bio, file), 0)) (void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL,
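Review bot: In load_certs_pem() the open failure is still silent, because `(bio = BIO_new_file(file, "r")) == NULL` is not wrapped in `TEST_ptr()`, unlike the BIO creation in load_cert_pem() and load_pkey_pem(). A missing or unreadable file therefore returns NULL without any line in the test log. Unless callers rely on that quiet failure, the three loaders would be consistent with `if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "r")))`. The function body continues beyond the hunk.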
[openssl] master update
The branch master has been updated via 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit) via d9efb24de8765ddc921b8e304372e8e33d4d65f4 (commit) via 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 (commit) via 6e328484ab17f671134077962ce1aa392e512423 (commit) from 7031f5821c4380d9c1f60a92734c940fdedfb488 (commit) - Log - commit 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 Author: Dr. David von Oheimb Date: Mon Apr 26 14:55:18 2021 +0200 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit d9efb24de8765ddc921b8e304372e8e33d4d65f4 Author: Dr. David von Oheimb Date: Mon Apr 26 14:51:34 2021 +0200 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 Author: Dr. David von Oheimb Date: Mon Apr 26 14:58:19 2021 +0200 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit 6e328484ab17f671134077962ce1aa392e512423 Author: Dr. David von Oheimb Date: Mon Apr 26 14:57:05 2021 +0200 OSSL_STORE_expect(): Improve error handling and documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) --- Summary of changes: apps/lib/apps.c| 34 -- crypto/encode_decode/decoder_lib.c | 9 + crypto/store/store_lib.c | 7 ++- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 10 ++ doc/man3/OSSL_STORE_open.pod | 4 ++-- 6 files changed, 36 insertions(+), 30 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index b87f271ee8..81b543ec68 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
@@ -828,6 +828,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, return ret; } +/* Set type expectation, but clear it if objects of different types expected. */ +#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0); /* * Load those types of credentials for which the result pointer is not NULL. * Reads from stdio if uri is NULL and maybe_stdin is nonzero. @@ -860,47 +862,41 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL; int cnt_expectations = 0; -int expect = 0; +int expect = -1; /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) { *ppkey = NULL; cnt_expectations++; -expect = OSSL_STORE_INFO_PKEY; +SET_EXPECT(OSSL_STORE_INFO_PKEY); } if (ppubkey != NULL) { *ppubkey = NULL; cnt_expectations++; -expect = OSSL_STORE_INFO_PUBKEY; +SET_EXPECT(OSSL_STORE_INFO_PUBKEY); } if (pparams != NULL) { *pparams = NULL; cnt_expectations++; -expect = OSSL_STORE_INFO_PARAMS; +SET_EXPECT(OSSL_STORE_INFO_PARAMS); } if (pcert != NULL) { *pcert = NULL; cnt_expectations++; -expect = OSSL_STORE_INFO_CERT; +SET_EXPECT(OSSL_STORE_INFO_CERT); } -if (failed == NULL) { -BIO_printf(bio_err, "Internal error: nothing to load into from %s\n", - uri != NULL ? uri : ""); -return 0; -} - if (pcerts != NULL) { if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) { BIO_printf(bio_err, "Out of memory loading"); goto end; } cnt_expectations++; -expect = OSSL_STORE_INFO_CERT; +SET_EXPECT(OSSL_STORE_INFO_CERT); } if (pcrl != NULL) { *pcrl = NULL; cnt_expectations++; -expect = OSSL_STORE_INFO_CRL; +SET_EXPECT(OSSL_STORE_INFO_CRL); } if (pcrls != NULL) { if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) { 
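Review bot: `SET_EXPECT` is a statement macro with a trailing semicolon, an unparenthesised argument and an implicit dependency on a local named `expect`. Each use such as `SET_EXPECT(OSSL_STORE_INFO_PKEY);` expands to an extra empty statement and would break if placed in an unbraced `if`/`else`. Suggest `#define SET_EXPECT(val) (expect = expect < 0 ? (val) : (expect == (val) ? (val) : 0))`, plus an `#undef SET_EXPECT` after load_key_certs_crls(), since the macro is only meaningful inside that function. The comment could also spell out the three states: -1 is "not set yet", 0 is "objects of different types expected", anything else is the single expected type. The function body continues past this hunk.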
@@ -908,7 +904,12 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, goto end; } cnt_expectations++; -expect = OSSL_STORE_INFO_CRL; +SET_EXPECT(OSSL_STORE_INFO_CRL); +} +if (cnt_expectations == 0) { +BIO_printf(bio_err, "Internal error: nothing to load from %s\n", + uri != NULL ? uri : ""); +return 0; } uidata.password = pass; @@ -937,10 +938,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, BIO_printf(bio_err, "Could not open file or uri for loading"); goto end;
[openssl] master update
The branch master has been updated via 7031f5821c4380d9c1f60a92734c940fdedfb488 (commit) from bad0d6c789b28526d7becec046ab7c80280c2110 (commit) - Log - commit 7031f5821c4380d9c1f60a92734c940fdedfb488 Author: Dr. David von Oheimb Date: Fri Apr 30 18:29:12 2021 +0200 OCSP: Minor improvements of documentation and header file Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15103) --- Summary of changes: CHANGES.md| 5 +++-- doc/man3/OCSP_sendreq_new.pod | 13 - include/openssl/ocsp.h.in | 8 util/other.syms | 1 + 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0abee0a0ac..0e7b09432b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -328,14 +328,15 @@ OpenSSL 3.0 * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), - OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), + OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(), + OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These were used to collect all necessary data to form a HTTP request, and to perform the HTTP transfer with that request. With OpenSSL 3.0, the type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(), OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), - OSSL_HTTP_REQ_CTX_set1_req(), OSSL_HTTP_REQ_CTX_nbio(), + OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(), OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and OSSL_HTTP_REQ_CTX_set_max_response_length(). diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index f01aadad6b..10c6131f86 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -2,6 +2,7 @@ =head1 NAME +OCSP_REQ_CTX, OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_sendreq_bio, 
@@ -27,13 +28,14 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: + typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx, const char *name, const char *value); - void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len); - int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req); + int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); =head1 DESCRIPTION @@ -70,10 +72,11 @@ OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following: OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following: OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", -ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req) +ASN1_ITEM_rptr(OCSP_REQUEST), +(const ASN1_VALUE *)req) -The other deprecated type and functions have been superseded by the -following equivalents: +The deprecated type and the remaining deprecated functions +have been superseded by the following equivalents: B by L, OCSP_REQ_CTX_add1_header() by L, OCSP_REQ_CTX_free() by L, and diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index bf8bd7e676..83c8a175fe 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in 
@@ -186,8 +186,10 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; NULL, NULL, path) # define OCSP_REQ_CTX_add1_header(r, n, v) \ OSSL_HTTP_REQ_CTX_add1_header(r, n, v) -# define OCSP_REQ_CTX_i2d(r, i, req) \ -OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", i, req) +# define OCSP_REQ_CTX_i2d(r, it, req) \ +OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) +# define OCSP_REQ_CTX_set1_req(r, req) \ +OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) # define OCSP_REQ_CTX_nbio(r) \ OSSL_HTTP_REQ_CTX_nbio(r) # define OCSP_REQ_CTX_nbio_d2i(r, p, i)\ @@ -196,8 +198,6 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; OSSL_HTTP_REQ_CTX_get0_mem_bio(r) # define OCSP_set_max_response_length(r, l) \ OSSL_HTTP_REQ_CTX_set_max_response_length(r, l) -# define OCSP_REQ_CTX_set1_req(r, req) \ -OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) # endif OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509
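Review bot: The relocated `OCSP_REQ_CTX_set1_req(r, req)` macro still casts with `(ASN1_VALUE *)(req)`, which drops the `const` from the `const OCSP_REQUEST *req` argument, while the same commit changes OCSP_sendreq_new.pod to show `(const ASN1_VALUE *)req`. If OSSL_HTTP_REQ_CTX_set1_req() takes a const pointer, as the pod change suggests, the header should match: `OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (const ASN1_VALUE *)(req))`. The prototype is not visible in this diff, so this needs checking against the HTTP header.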
[openssl] master update
The branch master has been updated via bad0d6c789b28526d7becec046ab7c80280c2110 (commit) from f9548d21bae8667b71254d82478e0094a5a3982d (commit) - Log - commit bad0d6c789b28526d7becec046ab7c80280c2110 Author: Tomas Mraz Date: Tue May 4 12:28:42 2021 +0200 fips-checksums: The define for fips module is FIPS_MODULE Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15132) --- Summary of changes: providers/fips-sources.checksums | 160 +++ providers/fips.checksum | 2 +- util/fips-checksums.sh | 2 +- 3 files changed, 82 insertions(+), 82 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 50d19c5117..8c46849215 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -67,9 +67,9 @@ d95277a3d7635a1f6a2613ba954606ae3c4bb260d11c85612ae83a05a726d03c crypto/bn/bn_a 6baa367447c968066e25934b0d00d3525b78ba00f733a5597988e810941dff88 crypto/bn/bn_asm.c e263280dcd108a479b0ec60069ae7e74893135f6253bac4094279d2cf30557a8 crypto/bn/bn_blind.c 7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c -354b467799488fabfc15597b0b16cfde805826ba1b7ab6ba78ac2d1606337f1a crypto/bn/bn_conv.c -ac212b69f4958abaedae9a830fd5084a8e9e166b748b9f3cacfaa2dae77a5570 crypto/bn/bn_ctx.c -55349393c0a3f73edfe8a8b9953bd13cbda6186dbeb097e71748885947f672ed crypto/bn/bn_dh.c +d66453ceb0a1be02a9cd2aef0ceec5943a2b9ec42e2fe66c13d03bb669389749 crypto/bn/bn_conv.c +2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c +d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 034baac767c911705235da9507e0b9d029ec3746c5469069a110ed899cf7ddff crypto/bn/bn_div.c fb4104aa82438b5dda1592a7d41e8936356734801b26f864c22264615cb4df4d crypto/bn/bn_exp.c 4a0295e30ac91bfbfdcd3f2d0cbd5eaf4f5a44b4bba3135b137a692394a2f897 crypto/bn/bn_exp2.c 
@@ -83,8 +83,8 @@ dc213ef490a96c5e199e06058c32ae599825c668fc08d815d6384f57600df21d crypto/bn/bn_k 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 02bf294bad18d12542fbe60a5ab0eea36dbc914b6d445ad8f4dd03324ee2a33e crypto/bn/bn_mul.c 0d4a2c25a3acd4adb45234837d427574bcb1e6800b69f8dfe68478d831491cf1 crypto/bn/bn_nist.c -b5ef389b9dd161d72d3e1c09ed8994112b6fe186294fd83139ed45729a7f5e64 crypto/bn/bn_prime.c -27c2196707a7b08cf2f04ee1a79212754196eeae5af2fa5048adac3072616399 crypto/bn/bn_rand.c +2567f88812ba315eca454659a9d2eaeacc8d1753c9c19866ff00d2beed707636 crypto/bn/bn_prime.c +cb27f0d2cc9d2d5f82b40378517e26fe2d9a5092f50fd26cdf648ae954190f2b crypto/bn/bn_rand.c 2a47b990bc53fec79013e0b2d1a9ee3512019705d6ec3a2625c43b0fb42d41aa crypto/bn/bn_recp.c 4e3d0ebda2d250887634ab491b398a71778431b3db4bc1eb329542f4bd0798cc crypto/bn/bn_rsa_fips186_4.c 9bbad44e0007a2a7f6caaa1a9c6a9d4e667afdac898b32598483ae336479cb72 crypto/bn/bn_shift.c 
@@ -96,10 +96,10 @@ ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05 crypto/bn/rsaz 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c crypto/cmac/cmac.c -7f530e7d0fc7953aa6b70749796d31c1a03aa34e79a7dfd8b625a786e44c6171 crypto/context.c +f63058e3d3df38f44856f062b7e67d58681488dbe7f27d90979cc4afdfe4a395 crypto/context.c 0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94 crypto/core_algorithm.c 2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78 crypto/core_fetch.c -4ccc57e4bbd46b56c481a3e3c0c105ee27e82a87909637b75e605274e7f3cb44 crypto/core_namemap.c +66d5fa1814ec1c80c1635dad5d4311722d20890afe44133f958a4be4447b8252 crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 7c5237bdc26eca21d4ccb25f13569e217103fe21574157b813c2aecd05983472 crypto/cryptlib.c 53529f4e0575dd83b45a53e852fcec512ada53dd6979268e473885f139b8e0b9 crypto/ctype.c @@ -108,19 +108,19 @@ b8272245e1a3bc813aeb48a1155ac37bc979ad4a6ff55baa8c97e62115abb0d1 crypto/des/des eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb3_enc.c cb363ba00f38e84c43af4802d8477a8877db3cea2fdc75299fec16f451ef1c69 crypto/des/fcrypt_b.c 5771c2e517df1dfa35e0cc06ce1d9808e3a5ab21110020d4bdf77284fedb41e1 crypto/des/set_key.c -47035cde6151da2aaabd614990d47de63550fed2561900559bd75305dd3856c8 crypto/dh/dh_backend.c -3f4f990509263483f3c0a57c2d40809eb5680d57197370314f94bc79f0389bed crypto/dh/dh_check.c -e6aa1e0379f298dd4250a376f3854db5d919d8b9557f3935b764b4b8ccd24de9 crypto/dh/dh_gen.c
[openssl] master update
The branch master has been updated via f9548d21bae8667b71254d82478e0094a5a3982d (commit) via 93954ab050b395275a9d8b084ab4aa9e815ce119 (commit) via b0ee1de9ab4fb8586934f3a8126432f06abf7115 (commit) from e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit) - Log - commit f9548d21bae8667b71254d82478e0094a5a3982d Author: Matt Caswell Date: Wed Apr 28 15:23:16 2021 +0100 Document the new core BIO public API support Fixes #14409 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) commit 93954ab050b395275a9d8b084ab4aa9e815ce119 Author: Matt Caswell Date: Wed Apr 28 13:57:43 2021 +0100 Add a test for the public core bio API Check that reading/writing to a core bio via BIO_new_from_core_bio() works as expected. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) commit b0ee1de9ab4fb8586934f3a8126432f06abf7115 Author: Matt Caswell Date: Tue Apr 27 19:56:39 2021 +0100 Create libcrypto support for BIO_new_from_core_bio() Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an internal only concept for our own providers. Since this is likely to be generally useful, we make it a part of the public API. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) --- Summary of changes: crypto/bio/bio_lib.c | 8 +- crypto/bio/bio_local.h | 1 + crypto/bio/bss_core.c | 170 + crypto/bio/build.info | 2 +- crypto/context.c | 16 ++ doc/build.info | 6 + doc/man3/BIO_new.pod | 24 ++- doc/man3/BIO_s_core.pod| 72 + doc/man3/OSSL_LIB_CTX.pod | 17 ++- include/internal/bio.h | 2 + include/internal/cryptlib.h| 7 +- include/openssl/bio.h.in | 6 +- include/openssl/crypto.h.in| 1 + test/bio_core_test.c | 107 + test/build.info| 6 +- .../{04-test_bioprint.t => 04-test_bio_core.t} | 2 +- util/libcrypto.num | 4 + 17 files changed, 430 insertions(+), 21 deletions(-) create mode 100644 crypto/bio/bss_core.c create mode 100644 doc/man3/BIO_s_core.pod create mode 100644 test/bio_core_test.c copy test/recipes/{04-test_bioprint.t => 04-test_bio_core.t} (88%) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 6d360b62ed..5cdd6d7cfd 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -68,7 +68,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, return ret; } -BIO *BIO_new(const BIO_METHOD *method) +BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method) { BIO *bio = OPENSSL_zalloc(sizeof(*bio)); @@ -77,6 +77,7 @@ BIO *BIO_new(const BIO_METHOD *method) return NULL; } +bio->libctx = libctx; bio->method = method; bio->shutdown = 1; bio->references = 1; @@ -107,6 +108,11 @@ err: return NULL; } +BIO *BIO_new(const BIO_METHOD *method) +{ +return BIO_new_ex(NULL, method); +} + int BIO_free(BIO *a) { int ret; diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h index 30e56cba8d..3d9afe0760 100644 --- a/crypto/bio/bio_local.h +++ b/crypto/bio/bio_local.h @@ -113,6 +113,7 @@ typedef struct bio_f_buffer_ctx_struct { } BIO_F_BUFFER_CTX; struct bio_st { +OSSL_LIB_CTX *libctx; const BIO_METHOD *method; /* bio, mode, argp, argi, argl, ret */ BIO_callback_fn callback; 
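Review bot: BIO_new_ex() stores the caller's `libctx` in `bio->libctx` as a plain pointer, and nothing in the hunk takes a reference or says who owns it. If a BIO can outlive the library context it was created with, later use of `bio->libctx` would touch freed memory. A comment on the new struct member in bio_local.h would settle the contract, e.g. `/* borrowed, not freed by BIO_free(); must outlive the BIO */`, if that is the intended rule. BIO_new() now passes NULL, which presumably selects the default context; saying so at the wrapper would help too. BIO_new_ex() continues outside the hunk.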
diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c new file mode 100644 index 00..2baabe614e --- /dev/null +++ b/crypto/bio/bss_core.c @@ -0,0 +1,170 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "bio_local.h" +#include "internal/cryptlib.h" + +typedef struct { +OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex; +OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex; +OSSL_FUNC_BIO_gets_fn *c_bio_gets; +OSSL_FUNC_BIO_puts_fn *c_bio_puts; +OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl; +} BIO_CORE_GLOBALS; + +static void bio_core_globals_free(void *vbcg) +{ +OPENSSL_free(vbcg); +} + +static void
[openssl] master update
The branch master has been updated via e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit) via 9deb202e6a54aee76a09c3a12c320c4a4c39a19f (commit) from a0baa98b5c1f805a30539e43ef62e2a43979773f (commit) - Log - commit e3188bae04769242e62ae2fba96a0aca5b7ce605 Author: Tomas Mraz Date: Mon May 3 10:53:08 2021 +0200 Run coveralls daily and not exactly at midnight Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15121) commit 9deb202e6a54aee76a09c3a12c320c4a4c39a19f Author: Tomas Mraz Date: Mon May 3 10:45:16 2021 +0200 coveralls: Enable fips as it is disabled by default Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15121) --- Summary of changes: .github/workflows/coveralls.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 370f372ad3..758ed9b581 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -3,7 +3,7 @@ name: Coverage #Run once a week on: schedule: -- cron: '0 0 * * SAT' +- cron: '49 0 * * *' jobs: coverage: @@ -14,7 +14,7 @@ jobs: run: | sudo apt-get -yq install lcov - name: config - run: CC=gcc ./config --debug --coverage no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump + run: CC=gcc ./config --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test
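Review bot: The comment `#Run once a week` above the schedule is now wrong, because the cron expression changes from `'0 0 * * SAT'` to `'49 0 * * *'`, which fires every day; it should read `#Run once a day` or similar. The config step also adds `enable-fips` next to `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` and `enable-weak-ssl-ciphers`. A one-line comment that this configuration exists only for coverage measurement would stop it from being copied into a release build recipe.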
[openssl] master update
The branch master has been updated via a0baa98b5c1f805a30539e43ef62e2a43979773f (commit) from 67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit) - Log - commit a0baa98b5c1f805a30539e43ef62e2a43979773f Author: Petr Gotthard Date: Sun May 2 23:26:23 2021 +0200 apps: Switch to X509_REQ_verify_ex Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15118) --- Summary of changes: apps/lib/apps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index bfea59bdc8..b87f271ee8 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2282,7 +2282,8 @@ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, int rv = 0; if (do_x509_req_init(x, vfyopts) > 0) -rv = (X509_REQ_verify(x, pkey) > 0); +rv = (X509_REQ_verify_ex(x, pkey, + app_get0_libctx(), app_get0_propq()) > 0); return rv; }
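Review bot: `rv` folds every non-positive result of `X509_REQ_verify_ex()` into 0, and a failing `do_x509_req_init()` leaves it at 0 as well. With the library context and property query now passed in, a failure to fetch an implementation is therefore indistinguishable from a bad signature for callers of do_X509_REQ_verify(). The function fails closed, which is the safe direction. A comment such as `/* rv == 0 covers signature mismatch as well as init/verification errors */` would keep a caller from reporting an invalid signature when the cause is configuration. The start of the function is outside the hunk.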
[openssl] master update
The branch master has been updated via 67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit) from 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit) - Log - commit 67cd43084cacb976ef79bbc23ccab048b06e5c1c Author: Pauli Date: Sat May 1 13:38:34 2021 +1000 test: fix failure with FIPS and no-des configured. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15105) --- Summary of changes: test/recipes/80-test_pkcs12.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index b259c1a335..12189da3a3 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -96,8 +96,8 @@ SKIP: { } SKIP: { -skip "Skipping legacy PKCS#12 test because RC2 is disabled in this build", 1 -if disabled("rc2") || disabled("legacy"); +skip "Skipping legacy PKCS#12 test because the required algorithms are disabled", 1 +if disabled("des") || disabled("rc2") || disabled("legacy"); # Test reading legacy PKCS#12 file ok(run(app(["openssl", "pkcs12", "-export", "-in", srctop_file(@path, "v3-certs-RC2.p12"),
[openssl] master update
The branch master has been updated via 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit) via 49ce00374030c74f527c9916bff7c2c7268f4318 (commit) from f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit) - Log - commit 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 Author: Richard Levitte Date: Mon May 3 08:48:17 2021 +0200 APPS: Add passphrase handling in the "rsa" and "dsa" commands They completely ignored any passphrase related setting. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15119) commit 49ce00374030c74f527c9916bff7c2c7268f4318 Author: Richard Levitte Date: Mon May 3 08:48:07 2021 +0200 APPS: Set a default passphrase UI for the "ec" command Fixes #15114 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15119) --- Summary of changes: apps/dsa.c | 14 ++ apps/ec.c | 3 +++ apps/rsa.c | 14 ++ 3 files changed, 31 insertions(+) diff --git a/apps/dsa.c b/apps/dsa.c index 9ea1098514..9a7bf04adb 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -267,6 +267,20 @@ int dsa_main(int argc, char **argv) goto end; } +/* Passphrase setup */ +if (enc != NULL) +OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + +/* Default passphrase prompter */ +if (enc != NULL || outformat == FORMAT_PVK) { +OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); +if (passout != NULL) +/* When passout given, override the passphrase prompter */ +OSSL_ENCODER_CTX_set_passphrase(ectx, +(const unsigned char *)passout, +strlen(passout)); +} + /* PVK requires a bit more */ if (outformat == FORMAT_PVK) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; diff --git a/apps/ec.c b/apps/ec.c index 5103838da0..f8f77dd492 100644 --- a/apps/ec.c +++ b/apps/ec.c 
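Review bot: The return values of `OSSL_ENCODER_CTX_set_cipher()`, `OSSL_ENCODER_CTX_set_passphrase_ui()` and `OSSL_ENCODER_CTX_set_passphrase()` are ignored in the block added to dsa_main(), and the same pattern appears in the ec.c and rsa.c hunks of this commit. If selecting the cipher fails, the code carries on to encoding, and whether the private key is then written unencrypted depends on encoder behaviour that is not visible here. Failing early is the safer choice: `if (enc != NULL && !OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL)) goto end;`, with the same check on the two passphrase setters. The `end` label is already used by the preceding context line, and dsa_main() continues beyond the hunk.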
@@ -267,7 +267,10 @@ int ec_main(int argc, char **argv) NULL); if (enc != NULL) { OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); +/* Default passphrase prompter */ +OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); if (passout != NULL) +/* When passout given, override the passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)passout, strlen(passout)); diff --git a/apps/rsa.c b/apps/rsa.c index fc1db506d7..47316757d5 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -335,6 +335,20 @@ int rsa_main(int argc, char **argv) goto end; } +/* Passphrase setup */ +if (enc != NULL) +OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + +/* Default passphrase prompter */ +if (enc != NULL || outformat == FORMAT_PVK) { +OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); +if (passout != NULL) +/* When passout given, override the passphrase prompter */ +OSSL_ENCODER_CTX_set_passphrase(ectx, +(const unsigned char *)passout, +strlen(passout)); +} + /* PVK is a bit special... */ if (outformat == FORMAT_PVK) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
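Review bot: The fourteen lines added in the apps/rsa.c hunk are a verbatim copy of the block added to apps/dsa.c in the same commit, and the apps/ec.c hunk carries a third, slightly different variant of the same sequence. The commit messages describe rsa and dsa ignoring the passphrase settings while ec lacked only the default prompter, which is the kind of drift that per-command copies invite. Moving the cipher, prompter and passout sequence into one helper shared by the three commands, taking `ectx`, `enc`, `passout` and a flag for the PVK case, would keep the key-protection policy in one place. ec_main and rsa_main both continue outside their hunks.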
[openssl] master update
The branch master has been updated via f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit) via 49f699b54d982c431c13f29ea08628ab599f1e6e (commit) via be22315235605ac50f735758f6c6edcb262146db (commit) via 27ca03ea829443ee750db148dde87cf3da900d9c (commit) via 841a438c7f67f697dd6710b26cc6536dd76a420a (commit) from 02669b677e6263b3d337ceb526b8b030477fe26b (commit) - Log - commit f97bc7c4240ba370c323c0d753d9d97f7a7c89bf Author: Richard Levitte Date: Tue Apr 27 11:23:12 2021 +0200 [TEMPORARY] make 'make update' verbose in ci.yml Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 49f699b54d982c431c13f29ea08628ab599f1e6e Author: Richard Levitte Date: Fri May 3 13:24:39 2019 +0200 GitHub CI: ensure that unifdef is installed This is required for 'make update' and fips checksums Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit be22315235605ac50f735758f6c6edcb262146db Author: Richard Levitte Date: Fri May 3 13:12:59 2019 +0200 FIPS module checksums: add scripts and Makefile rule This adds the following scripts: util/lang-compress.pl: Compress source code, which language is determined by the first argument. For the moment, we know 'perl' (perlasm source code), 'C' (C source code) and 'S' (Assembler with C preprocessor directives). This removes comments and empty lines, and compresses series of horizontal spaces to one single space in the languages where that's appropriate. util/fips-checksums.sh: Takes source file names as arguments, pushes them through util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates the checksum on the result. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 27ca03ea829443ee750db148dde87cf3da900d9c Author: Richard Levitte Date: Mon Apr 26 19:44:24 2021 +0200 Unix build file: Add a target to create providers/fips.module.sources This file will be the basis for the FIPS module checksum calculation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 841a438c7f67f697dd6710b26cc6536dd76a420a Author: Richard Levitte Date: Mon Apr 26 19:41:54 2021 +0200 Add OpenSSL::Config::Query and use it in configdata.pm OpenSSL::Config::Query is a configuration querying tool that's meant to make it easier to query the diverse configuration data for info. That's much easier than to dig through all the parts of %unified_info. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) --- Summary of changes: .github/workflows/ci.yml | 6 +- Configurations/unix-Makefile.tmpl | 53 + configdata.pm.in | 26 ++- providers/fips-sources.checksums | 459 + providers/fips.checksum | 1 + providers/fips.module.sources | 467 ++ util/c-compress-test.pl | 54 + util/fips-checksums.sh| 31 +++ util/lang-compress.pl | 189 +++ util/perl/OpenSSL/Config/Query.pm | 177 +++ 10 files changed, 1460 insertions(+), 3 deletions(-) create mode 100644 providers/fips-sources.checksums create mode 100644 providers/fips.checksum create mode 100644 providers/fips.module.sources create mode 100755 util/c-compress-test.pl create mode 100755 util/fips-checksums.sh create mode 100755 util/lang-compress.pl create mode 100644 util/perl/OpenSSL/Config/Query.pm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e18fba41a..e37c7f54d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -15,13 +15,17 @@ jobs: check_update: runs-on: ubuntu-latest steps: +- name: install unifdef + run: | +sudo apt-get update +sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - uses: actions/checkout@v2 - name: config run: ./config --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make update - run: make -s update + run: make update - name: git diff run: git diff --exit-code diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4ace44477d..d98c42c85e 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1055,6 +1055,9 @@ uninstall_html_docs: # It's important that generate_buildinfo comes after ordinals, as ordinals # is sensitive to build.info changes. update: generate
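Review bot: The install step added in the .github/workflows/ci.yml hunk passes `--force-yes` to apt-get, which apt documents as deprecated and dangerous because it lets the install continue without prompting past conditions such as unauthenticated packages. The `-yq` already on the line is enough for a non-interactive install of one package, so the step can be `sudo apt-get -yq --no-install-suggests --no-install-recommends install unifdef`. Without the flag, a repository signature problem fails the job instead of installing whatever was served.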
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit) from 6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit) - Log - commit 4b1be3c8868cf0b26a031f68ffebc34248e1836c Author: Dmitry Belyavskiy Date: Sat May 1 13:29:05 2021 +0200 Use OCSP-specific error code for clarity Fixes #12735 for 1.1.1 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15109) --- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 3 ++- ssl/ssl_err.c| 4 +++- ssl/statem/statem_clnt.c | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7e1776375d..e0e60ffa38 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2784,6 +2784,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 82983d3c1e..9060fd1b75 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -633,6 +633,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 294 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 # define SSL_R_OVERFLOW_ERROR 237 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 4b12ed1485..d0c69821b5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1018,6 +1018,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, +{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), +"ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index de58f1a4b7..5543e08c59 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2833,7 +2833,7 @@ int tls_process_initial_server_flight(SSL *s) if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, - ERR_R_MALLOC_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } }
[openssl] master update
The branch master has been updated via 02669b677e6263b3d337ceb526b8b030477fe26b (commit) via 0d6c144e8d0c53e8947e3a76225ea33b3e29abc8 (commit) from d1a770414acd34c774248ce8efbe202fd7a44041 (commit) - Log - commit 02669b677e6263b3d337ceb526b8b030477fe26b Author: Richard Levitte Date: Thu Apr 29 12:50:33 2021 +0200 Windows build file: add forgotten quotes on POD->html command line Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15084) commit 0d6c144e8d0c53e8947e3a76225ea33b3e29abc8 Author: Richard Levitte Date: Sat May 1 07:29:27 2021 +0200 OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! The perl interpreter name itself might contain spaces and need quoting. __fixup_prg() does this for us. Fixes #14256 Co-authored-by: Tomáš Mráz Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15084) --- Summary of changes: Configurations/windows-makefile.tmpl | 2 +- util/perl/OpenSSL/Test.pm| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 4843106de2..014c1eb8d1 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -686,7 +686,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: "$pod" - \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" + "\$(PERL)" "\$(SRCDIR)/util/mkpod2html.pl" -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF } elsif (platform->isdef($args{src})) { # diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 4dc1bad188..55f26cc630 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm 
@@ -1232,7 +1232,7 @@ sub __wrap_cmd { # In the Windows case, we run perl explicitly. We might not # need it, but that depends on if the user has associated the # '.pl' extension with a perl interpreter, so better be safe. -@prefix = ( $^X, $std_wrapper ); +@prefix = ( __fixup_prg($^X), $std_wrapper ); } else { # Otherwise, we assume Unix semantics, and trust that the #! # line activates perl for us.