[tools] master update

2021-05-04 Thread Dr. Paul Dale
The branch master has been updated
   via  e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit)
  from  fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit)


- Log -
commit e771ebd4a0e349d929dc2e6f7ad2af48978e772d
Author: Pauli 
Date:   Tue May 4 18:14:32 2021 +1000

run-checker: disable debug flag for builds

It is more representative of reality.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/tools/pull/86)

---

Summary of changes:
 run-checker/run-checker.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh
index b59283c..dbb3da5 100755
--- a/run-checker/run-checker.sh
+++ b/run-checker/run-checker.sh
@@ -132,7 +132,7 @@ if run-hook prepare; then
 else
 builddir="$(echo $opt | sed -e 's|[ /]|_|g')"
 fi
-if run-hook start "$builddir" "$opt" -d $warnopts $expandedopts; then
+if run-hook start "$builddir" "$opt" $warnopts $expandedopts; then
 if (
 set -e
 
@@ -143,7 +143,7 @@ if run-hook prepare; then
 
 echo "Building with '$opt'"
 log-eval \
-CC=$optcc ../openssl/config -d $warnopts $expandedopts \
+CC=$optcc ../openssl/config $warnopts $expandedopts \
 >build.log 2>&1 || \
 exit $?
 
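Review bot: Dropping `-d` from the `../openssl/config` line (and, consistently, from the `run-hook start` call in the hunk above) moves every run-checker build from the debug to the release build type, and the two differ in optimisation level and `-g` handling, so the set of compiler warnings the run produces will change. That is the stated intent, but record it in the script itself, e.g. a one-line comment above `log-eval`, so nobody re-adds the flag to "fix" a missing warning, and check that nothing in `$warnopts` assumes a debug build.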


[openssl] master update

2021-05-04 Thread Dr. Paul Dale
The branch master has been updated
   via  029875dc5ba28f18e3067c883fb53c9ae91d6954 (commit)
  from  355e1f041cde9f1b5e362f834cf4538204f53586 (commit)


- Log -
commit 029875dc5ba28f18e3067c883fb53c9ae91d6954
Author: Tomas Mraz 
Date:   Mon May 3 15:45:31 2021 +0200

Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3

The maximum (theoretical) block size of SHA3 is 200 bytes.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15125)

---

Summary of changes:
 include/openssl/hmac.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
index c5b4e670ac..c954b3767d 100644
--- a/include/openssl/hmac.h
+++ b/include/openssl/hmac.h
@@ -21,7 +21,7 @@
 # include 
 
 # ifndef OPENSSL_NO_DEPRECATED_3_0
-#  define HMAC_MAX_MD_CBLOCK  128/* Deprecated */
+#  define HMAC_MAX_MD_CBLOCK  200/* Deprecated */
 # endif
 
 # ifdef  __cplusplus
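Review bot: Raising `HMAC_MAX_MD_CBLOCK` to 200 covers SHA-3 (the Keccak state is 200 bytes, as the commit message says), but any caller that still sizes a fixed buffer from this constant remains one new digest away from an overflow; since the line is already marked `/* Deprecated */`, the header comment or man page should direct such callers to `EVP_MD_block_size()` at runtime instead. Nit: `200/* Deprecated */` reads better with a space before the comment.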


[openssl] master update

2021-05-04 Thread Dr. Paul Dale
The branch master has been updated
   via  355e1f041cde9f1b5e362f834cf4538204f53586 (commit)
  from  79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit)


- Log -
commit 355e1f041cde9f1b5e362f834cf4538204f53586
Author: Richard Levitte 
Date:   Wed Apr 28 18:08:00 2021 +0200

DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs

Fixes #11165

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15073)

---

Summary of changes:
 doc/man3/OSSL_PARAM.pod | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod
index 593bb21ef1..98d75c9fa2 100644
--- a/doc/man3/OSSL_PARAM.pod
+++ b/doc/man3/OSSL_PARAM.pod
@@ -71,6 +71,12 @@ is NULL.  The usual full terminating template is:
 
 This can also be specified using L.
 
+=head2 Functional support
+
+Libcrypto offers a limited set of helper functions to handle
+B items and arrays, please see L.
+Developers are free to extend or replace those as they see fit.
+
 =head2 B fields
 
 =over 4
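Review bot: The sentence added at `+Libcrypto offers a limited set of helper functions ...` is a comma splice ("... items and arrays, please see ..."); break it into two sentences. Also, in the lines as shown the `L` reference carries no target and the `B` item has no name, so double-check that the committed POD spells out which helper page and which item type it refers to.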


[openssl] master update

2021-05-04 Thread dev
The branch master has been updated
   via  79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit)
  from  9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit)


- Log -
commit 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9
Author: Dr. David von Oheimb 
Date:   Fri Apr 30 18:36:00 2021 +0200

HTTP client: Correct the use of optional proxy URL and its documentation

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15104)

---

Summary of changes:
 crypto/http/http_client.c   | 34 ++
 crypto/http/http_lib.c  | 19 ++-
 doc/man1/openssl-cmp.pod.in | 36 +++-
 doc/man3/OSSL_HTTP_transfer.pod |  9 +
 4 files changed, 48 insertions(+), 50 deletions(-)

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 9c2b593a2d..bf2e3b54c7 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -693,10 +693,11 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */
 static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */,
  const char *server_port /* explicit server port */,
- const char *proxy /* optionally includes ":port" */)
+ int use_ssl,
+ const char *proxy /* optionally includes ":port" */,
+ const char *proxy_port /* explicit proxy port */)
 {
-const char *host = server, *host_end;
-char host_name[100];
+const char *host = server;
 const char *port = server_port;
 BIO *cbio;
 
@@ -705,20 +706,11 @@ static BIO *HTTP_new_bio(const char *server /* optionally 
includes ":port" */,
 
 if (proxy != NULL) {
 host = proxy;
-port = NULL;
+port = proxy_port;
 }
 
-host_end = strchr(host, '/');
-if (host_end != NULL) {
-size_t host_len = host_end - host;
-
-if (host_len < sizeof(host_name)) {
-/* chop trailing string starting with '/' */
-strncpy(host_name, host, host_len);
-host_name[host_len] = '\0';
-host = host_name;
-}
-}
+if (port == NULL && strchr(host, ':') == NULL)
+port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
 
 cbio = BIO_new_connect(host /* optionally includes ":port" */);
 if (cbio == NULL)
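Review bot: The default-port test `strchr(host, ':') == NULL` added at `+if (port == NULL && ...` treats any colon as an explicit port, so an IPv6 literal such as `[::1]` given without a port receives no default and reaches `BIO_new_connect()` unchanged. The same test already exists for the server in `OSSL_HTTP_transfer()` (next hunks), so a shared helper that recognises bracketed addresses would fix both places at once. Removing the `host_name[100]` buffer is an improvement on its own: the old code stripped a `/path` suffix only when the host part was shorter than 100 bytes and otherwise passed it through untouched.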
@@ -854,6 +846,8 @@ BIO *OSSL_HTTP_transfer(const char *server, const char 
*port, const char *path,
 cbio = bio;
 } else {
 #ifndef OPENSSL_NO_SOCK
+char *proxy_host = NULL, *proxy_port = NULL;
+
 if (server == NULL) {
 ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
 return NULL;
@@ -863,7 +857,15 @@ BIO *OSSL_HTTP_transfer(const char *server, const char 
*port, const char *path,
 if (port == NULL && strchr(server, ':') == NULL)
 port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
 proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl);
-if ((cbio = HTTP_new_bio(server, port, proxy)) == NULL)
+if (proxy != NULL
+&& !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */,
+_host, _port, NULL /* num */,
+NULL /* path */, NULL, NULL))
+return NULL;
+cbio = HTTP_new_bio(server, port, use_ssl, proxy_host, proxy_port);
+OPENSSL_free(proxy_host);
+OPENSSL_free(proxy_port);
+if (cbio == NULL)
 return NULL;
 #else
 ERR_raise(ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED);
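Review bot: In the new proxy block, a failing `OSSL_HTTP_parse_url()` goes straight to `return NULL` without freeing `proxy_host`/`proxy_port`; that is only safe if the parser guarantees it leaves every output pointer untouched (or NULL) on all error paths, so either confirm that contract in its documentation or route the failure through the same `OPENSSL_free()` pair used on success. The error the parser raises also does not say that it was the proxy URL rather than the server that was rejected; `ERR_add_error_data()` with the proxy string would make the cause obvious to callers.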
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index a8697cca33..2aa0736ac5 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -113,7 +113,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char 
**puser, char **phost,
 /* remaining port spec handling is also done for the default values */
 /* make sure a decimal port number is given */
 if (!sscanf(port, "%u", ) || portnum > 65535) {
-ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER);
+ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port);
 goto err;
 }
 for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++)
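Review bot: `sscanf(port, "%u", ...)` on the changed line accepts leading whitespace and a sign, so input such as `-1` converts to a large unsigned value that the `> 65535` test rejects only through wraparound, and a value beyond `UINT_MAX` is undefined behaviour in `sscanf`; the digit loop that follows then does the real syntax check. `strtoul()` with an end-pointer check would replace both steps with defined behaviour. Echoing the offending string through `ERR_raise_data()` is a useful diagnostic; just be aware it copies caller-supplied URL text into the error queue.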
@@ -240,6 +240,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char 
**puser, char **phost,
 return 0;
 }
 
+/* Respect no_proxy, taking default value from environment variable(s) */
 int ossl_http_use_proxy(const char *no_proxy, const char *server)
 {
 size_t sl;
@@ -257,6 +258,7 @@ int ossl_http_use_proxy(const char *no_proxy, const char 
*server)
 no_proxy = getenv("no_proxy");
 if (no_proxy == NULL)
 no_proxy = 

[openssl] master update

2021-05-04 Thread dev
The branch master has been updated
   via  9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit)
  from  8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit)


- Log -
commit 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f
Author: Dr. David von Oheimb 
Date:   Sat May 1 22:19:54 2021 +0200

testutil/load.c: Add checks for file(name) == NULL

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15120)

---

Summary of changes:
 test/testutil/load.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/test/testutil/load.c b/test/testutil/load.c
index 9b188eb8a6..444fb8a78d 100644
--- a/test/testutil/load.c
+++ b/test/testutil/load.c
@@ -20,7 +20,7 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx)
 X509 *cert = NULL;
 BIO *bio = NULL;
 
-if (!TEST_ptr(bio = BIO_new(BIO_s_file(
+if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file(
 return NULL;
 if (TEST_int_gt(BIO_read_filename(bio, file), 0)
 && TEST_ptr(cert = X509_new_ex(libctx, NULL)))
@@ -30,17 +30,14 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx)
 return cert;
 }
 
-STACK_OF(X509) *load_certs_pem(const char *filename)
+STACK_OF(X509) *load_certs_pem(const char *file)
 {
 STACK_OF(X509) *certs;
 BIO *bio;
 X509 *x;
 
-bio = BIO_new_file(filename, "r");
-
-if (bio == NULL) {
+if (!TEST_ptr(file) || (bio = BIO_new_file(file, "r")) == NULL)
 return NULL;
-}
 
 certs = sk_X509_new_null();
 if (certs == NULL) {
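Review bot: In `load_certs_pem()` the file-open failure is still silent: `(bio = BIO_new_file(file, "r")) == NULL` returns NULL with no `TEST_ptr()` around it, unlike the `load_cert_pem()` and `load_pkey_pem()` changes in this same patch, so a missing fixture surfaces as an unexplained failure further on. Write it as `!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "r"))` for consistency and a useful diagnostic.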
@@ -74,7 +71,7 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX 
*libctx)
 EVP_PKEY *key = NULL;
 BIO *bio = NULL;
 
-if (!TEST_ptr(bio = BIO_new(BIO_s_file(
+if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file(
 return NULL;
 if (TEST_int_gt(BIO_read_filename(bio, file), 0))
 (void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL,


[openssl] master update

2021-05-04 Thread dev
The branch master has been updated
   via  8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit)
   via  d9efb24de8765ddc921b8e304372e8e33d4d65f4 (commit)
   via  6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 (commit)
   via  6e328484ab17f671134077962ce1aa392e512423 (commit)
  from  7031f5821c4380d9c1f60a92734c940fdedfb488 (commit)


- Log -
commit 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926
Author: Dr. David von Oheimb 
Date:   Mon Apr 26 14:55:18 2021 +0200

BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15029)

commit d9efb24de8765ddc921b8e304372e8e33d4d65f4
Author: Dr. David von Oheimb 
Date:   Mon Apr 26 14:51:34 2021 +0200

OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15029)

commit 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2
Author: Dr. David von Oheimb 
Date:   Mon Apr 26 14:58:19 2021 +0200

APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15029)

commit 6e328484ab17f671134077962ce1aa392e512423
Author: Dr. David von Oheimb 
Date:   Mon Apr 26 14:57:05 2021 +0200

OSSL_STORE_expect(): Improve error handling and documentation

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15029)

---

Summary of changes:
 apps/lib/apps.c| 34 --
 crypto/encode_decode/decoder_lib.c |  9 +
 crypto/store/store_lib.c   |  7 ++-
 doc/man3/BIO_ctrl.pod  |  2 +-
 doc/man3/OSSL_STORE_expect.pod | 10 ++
 doc/man3/OSSL_STORE_open.pod   |  4 ++--
 6 files changed, 36 insertions(+), 30 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index b87f271ee8..81b543ec68 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -828,6 +828,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 return ret;
 }
 
+/* Set type expectation, but clear it if objects of different types expected. 
*/
+#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
 /*
  * Load those types of credentials for which the result pointer is not NULL.
  * Reads from stdio if uri is NULL and maybe_stdin is nonzero.
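Review bot: `SET_EXPECT(val)` carries a trailing semicolon and leaves `val` unparenthesised; each use then expands to `expect = ...;;`, an extra empty statement that some warning sets flag and that breaks `if (c) SET_EXPECT(x); else ...`. Drop the `;` from the definition and write `(val)`. The comment above it also reads better as "if objects of different types are expected". The logic itself looks right: once `expect` has been cleared to 0 it stays 0, because both the `expect < 0` and the `expect == val` tests fail from then on (provided no `OSSL_STORE_INFO_*` value is 0).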
@@ -860,47 +862,41 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" :
 pcrls != NULL ? "CRLs" : NULL;
 int cnt_expectations = 0;
-int expect = 0;
+int expect = -1;
 /* TODO make use of the engine reference 'eng' when loading pkeys */
 
 if (ppkey != NULL) {
 *ppkey = NULL;
 cnt_expectations++;
-expect = OSSL_STORE_INFO_PKEY;
+SET_EXPECT(OSSL_STORE_INFO_PKEY);
 }
 if (ppubkey != NULL) {
 *ppubkey = NULL;
 cnt_expectations++;
-expect = OSSL_STORE_INFO_PUBKEY;
+SET_EXPECT(OSSL_STORE_INFO_PUBKEY);
 }
 if (pparams != NULL) {
 *pparams = NULL;
 cnt_expectations++;
-expect = OSSL_STORE_INFO_PARAMS;
+SET_EXPECT(OSSL_STORE_INFO_PARAMS);
 }
 if (pcert != NULL) {
 *pcert = NULL;
 cnt_expectations++;
-expect = OSSL_STORE_INFO_CERT;
+SET_EXPECT(OSSL_STORE_INFO_CERT);
 }
-if (failed == NULL) {
-BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
-   uri != NULL ? uri : "");
-return 0;
-}
-
 if (pcerts != NULL) {
 if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) {
 BIO_printf(bio_err, "Out of memory loading");
 goto end;
 }
 cnt_expectations++;
-expect = OSSL_STORE_INFO_CERT;
+SET_EXPECT(OSSL_STORE_INFO_CERT);
 }
 if (pcrl != NULL) {
 *pcrl = NULL;
 cnt_expectations++;
-expect = OSSL_STORE_INFO_CRL;
+SET_EXPECT(OSSL_STORE_INFO_CRL);
 }
 if (pcrls != NULL) {
 if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) {
@@ -908,7 +904,12 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 goto end;
 }
 cnt_expectations++;
-expect = OSSL_STORE_INFO_CRL;
+SET_EXPECT(OSSL_STORE_INFO_CRL);
+}
+if (cnt_expectations == 0) {
+BIO_printf(bio_err, "Internal error: nothing to load from %s\n",
+   uri != NULL ? uri : "");
+return 0;
 }
 
 uidata.password = pass;
@@ -937,10 +938,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 BIO_printf(bio_err, "Could not open file or uri for loading");
 goto end;
 

[openssl] master update

2021-05-04 Thread dev
The branch master has been updated
   via  7031f5821c4380d9c1f60a92734c940fdedfb488 (commit)
  from  bad0d6c789b28526d7becec046ab7c80280c2110 (commit)


- Log -
commit 7031f5821c4380d9c1f60a92734c940fdedfb488
Author: Dr. David von Oheimb 
Date:   Fri Apr 30 18:29:12 2021 +0200

OCSP: Minor improvements of documentation and header file

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15103)

---

Summary of changes:
 CHANGES.md|  5 +++--
 doc/man3/OCSP_sendreq_new.pod | 13 -
 include/openssl/ocsp.h.in |  8 
 util/other.syms   |  1 +
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 0abee0a0ac..0e7b09432b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -328,14 +328,15 @@ OpenSSL 3.0
 
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
-   OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
+   OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(),
+   OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length().  These
were used to collect all necessary data to form a HTTP request, and to
perform the HTTP transfer with that request.  With OpenSSL 3.0, the
type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced
with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(),
OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(),
-   OSSL_HTTP_REQ_CTX_set1_req(), OSSL_HTTP_REQ_CTX_nbio(),
+   OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(),
OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and
OSSL_HTTP_REQ_CTX_set_max_response_length().
 
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index f01aadad6b..10c6131f86 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+OCSP_REQ_CTX,
 OCSP_sendreq_new,
 OCSP_sendreq_nbio,
 OCSP_sendreq_bio,
@@ -27,13 +28,14 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by 
defining
 B with a suitable version value, see
 L:
 
+ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
  int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
  int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
   const char *name, const char *value);
- void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
+ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
  void OCSP_set_max_response_length(OCSP_REQ_CT *rctx,
unsigned long len);
- int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
 
 =head1 DESCRIPTION
 
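Review bot: The three unchanged prototypes in this hunk (`OCSP_REQ_CTX_i2d`, `OCSP_REQ_CTX_add1_header`, `OCSP_set_max_response_length`) still spell the type `OCSP_REQ_CT *rctx`, which does not match the `typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;` being added just above them; since the patch already corrects the type in the `_free` and `_set1_req` lines, fix these too so the synopsis matches the header.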
@@ -70,10 +72,11 @@ OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the 
following:
 OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
 
  OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
-ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+ASN1_ITEM_rptr(OCSP_REQUEST),
+(const ASN1_VALUE *)req)
 
-The other deprecated type and functions have been superseded by the
-following equivalents:
+The deprecated type and the remaining deprecated functions
+have been superseded by the following equivalents:
 B by L,
 OCSP_REQ_CTX_add1_header() by L,
 OCSP_REQ_CTX_free() by L, and
diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in
index bf8bd7e676..83c8a175fe 100644
--- a/include/openssl/ocsp.h.in
+++ b/include/openssl/ocsp.h.in
@@ -186,8 +186,10 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
NULL, NULL, path)
 #   define OCSP_REQ_CTX_add1_header(r, n, v) \
 OSSL_HTTP_REQ_CTX_add1_header(r, n, v)
-#   define OCSP_REQ_CTX_i2d(r, i, req) \
-OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", i, req)
+#   define OCSP_REQ_CTX_i2d(r, it, req) \
+OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req)
+#   define OCSP_REQ_CTX_set1_req(r, req) \
+OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
 #   define OCSP_REQ_CTX_nbio(r) \
 OSSL_HTTP_REQ_CTX_nbio(r)
 #   define OCSP_REQ_CTX_nbio_d2i(r, p, i)\
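Review bot: The relocated `OCSP_REQ_CTX_set1_req` macro casts with `(ASN1_VALUE *)(req)` while the man page hunk in this same patch documents the equivalent call as `(const ASN1_VALUE *)req`; pick one, and since `req` is `const OCSP_REQUEST *` in the documented prototype, the const-preserving form is the one that does not discard a qualifier. Moving `OCSP_REQ_CTX_set1_req` to follow `OCSP_REQ_CTX_i2d` changes nothing for the preprocessor, but it does help readers see the dependency.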
@@ -196,8 +198,6 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
 OSSL_HTTP_REQ_CTX_get0_mem_bio(r)
 #   define OCSP_set_max_response_length(r, l) \
 OSSL_HTTP_REQ_CTX_set_max_response_length(r, l)
-#   define OCSP_REQ_CTX_set1_req(r, req) \
-OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
 #  endif
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 

[openssl] master update

2021-05-04 Thread tomas
The branch master has been updated
   via  bad0d6c789b28526d7becec046ab7c80280c2110 (commit)
  from  f9548d21bae8667b71254d82478e0094a5a3982d (commit)


- Log -
commit bad0d6c789b28526d7becec046ab7c80280c2110
Author: Tomas Mraz 
Date:   Tue May 4 12:28:42 2021 +0200

fips-checksums: The define for fips module is FIPS_MODULE

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/15132)

---

Summary of changes:
 providers/fips-sources.checksums | 160 +++
 providers/fips.checksum  |   2 +-
 util/fips-checksums.sh   |   2 +-
 3 files changed, 82 insertions(+), 82 deletions(-)

diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index 50d19c5117..8c46849215 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -67,9 +67,9 @@ 
d95277a3d7635a1f6a2613ba954606ae3c4bb260d11c85612ae83a05a726d03c  crypto/bn/bn_a
 6baa367447c968066e25934b0d00d3525b78ba00f733a5597988e810941dff88  
crypto/bn/bn_asm.c
 e263280dcd108a479b0ec60069ae7e74893135f6253bac4094279d2cf30557a8  
crypto/bn/bn_blind.c
 7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6  
crypto/bn/bn_const.c
-354b467799488fabfc15597b0b16cfde805826ba1b7ab6ba78ac2d1606337f1a  
crypto/bn/bn_conv.c
-ac212b69f4958abaedae9a830fd5084a8e9e166b748b9f3cacfaa2dae77a5570  
crypto/bn/bn_ctx.c
-55349393c0a3f73edfe8a8b9953bd13cbda6186dbeb097e71748885947f672ed  
crypto/bn/bn_dh.c
+d66453ceb0a1be02a9cd2aef0ceec5943a2b9ec42e2fe66c13d03bb669389749  
crypto/bn/bn_conv.c
+2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a  
crypto/bn/bn_ctx.c
+d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16  
crypto/bn/bn_dh.c
 034baac767c911705235da9507e0b9d029ec3746c5469069a110ed899cf7ddff  
crypto/bn/bn_div.c
 fb4104aa82438b5dda1592a7d41e8936356734801b26f864c22264615cb4df4d  
crypto/bn/bn_exp.c
 4a0295e30ac91bfbfdcd3f2d0cbd5eaf4f5a44b4bba3135b137a692394a2f897  
crypto/bn/bn_exp2.c
@@ -83,8 +83,8 @@ 
dc213ef490a96c5e199e06058c32ae599825c668fc08d815d6384f57600df21d  crypto/bn/bn_k
 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60  
crypto/bn/bn_mpi.c
 02bf294bad18d12542fbe60a5ab0eea36dbc914b6d445ad8f4dd03324ee2a33e  
crypto/bn/bn_mul.c
 0d4a2c25a3acd4adb45234837d427574bcb1e6800b69f8dfe68478d831491cf1  
crypto/bn/bn_nist.c
-b5ef389b9dd161d72d3e1c09ed8994112b6fe186294fd83139ed45729a7f5e64  
crypto/bn/bn_prime.c
-27c2196707a7b08cf2f04ee1a79212754196eeae5af2fa5048adac3072616399  
crypto/bn/bn_rand.c
+2567f88812ba315eca454659a9d2eaeacc8d1753c9c19866ff00d2beed707636  
crypto/bn/bn_prime.c
+cb27f0d2cc9d2d5f82b40378517e26fe2d9a5092f50fd26cdf648ae954190f2b  
crypto/bn/bn_rand.c
 2a47b990bc53fec79013e0b2d1a9ee3512019705d6ec3a2625c43b0fb42d41aa  
crypto/bn/bn_recp.c
 4e3d0ebda2d250887634ab491b398a71778431b3db4bc1eb329542f4bd0798cc  
crypto/bn/bn_rsa_fips186_4.c
 9bbad44e0007a2a7f6caaa1a9c6a9d4e667afdac898b32598483ae336479cb72  
crypto/bn/bn_shift.c
@@ -96,10 +96,10 @@ 
ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05  crypto/bn/rsaz
 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea  
crypto/bsearch.c
 c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75  
crypto/buffer/buffer.c
 35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c  
crypto/cmac/cmac.c
-7f530e7d0fc7953aa6b70749796d31c1a03aa34e79a7dfd8b625a786e44c6171  
crypto/context.c
+f63058e3d3df38f44856f062b7e67d58681488dbe7f27d90979cc4afdfe4a395  
crypto/context.c
 0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94  
crypto/core_algorithm.c
 2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78  
crypto/core_fetch.c
-4ccc57e4bbd46b56c481a3e3c0c105ee27e82a87909637b75e605274e7f3cb44  
crypto/core_namemap.c
+66d5fa1814ec1c80c1635dad5d4311722d20890afe44133f958a4be4447b8252  
crypto/core_namemap.c
 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3  
crypto/cpuid.c
 7c5237bdc26eca21d4ccb25f13569e217103fe21574157b813c2aecd05983472  
crypto/cryptlib.c
 53529f4e0575dd83b45a53e852fcec512ada53dd6979268e473885f139b8e0b9  
crypto/ctype.c
@@ -108,19 +108,19 @@ 
b8272245e1a3bc813aeb48a1155ac37bc979ad4a6ff55baa8c97e62115abb0d1  crypto/des/des
 eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81  
crypto/des/ecb3_enc.c
 cb363ba00f38e84c43af4802d8477a8877db3cea2fdc75299fec16f451ef1c69  
crypto/des/fcrypt_b.c
 5771c2e517df1dfa35e0cc06ce1d9808e3a5ab21110020d4bdf77284fedb41e1  
crypto/des/set_key.c
-47035cde6151da2aaabd614990d47de63550fed2561900559bd75305dd3856c8  
crypto/dh/dh_backend.c
-3f4f990509263483f3c0a57c2d40809eb5680d57197370314f94bc79f0389bed  
crypto/dh/dh_check.c
-e6aa1e0379f298dd4250a376f3854db5d919d8b9557f3935b764b4b8ccd24de9  
crypto/dh/dh_gen.c

[openssl] master update

2021-05-04 Thread Matt Caswell
The branch master has been updated
   via  f9548d21bae8667b71254d82478e0094a5a3982d (commit)
   via  93954ab050b395275a9d8b084ab4aa9e815ce119 (commit)
   via  b0ee1de9ab4fb8586934f3a8126432f06abf7115 (commit)
  from  e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit)


- Log -
commit f9548d21bae8667b71254d82478e0094a5a3982d
Author: Matt Caswell 
Date:   Wed Apr 28 15:23:16 2021 +0100

Document the new core BIO public API support

Fixes #14409

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15072)

commit 93954ab050b395275a9d8b084ab4aa9e815ce119
Author: Matt Caswell 
Date:   Wed Apr 28 13:57:43 2021 +0100

Add a test for the public core bio API

Check that reading/writing to a core bio via BIO_new_from_core_bio()
works as expected.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15072)

commit b0ee1de9ab4fb8586934f3a8126432f06abf7115
Author: Matt Caswell 
Date:   Tue Apr 27 19:56:39 2021 +0100

Create libcrypto support for BIO_new_from_core_bio()

Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is likely to be
generally useful, we make it a part of the public API.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15072)

---

Summary of changes:
 crypto/bio/bio_lib.c   |   8 +-
 crypto/bio/bio_local.h |   1 +
 crypto/bio/bss_core.c  | 170 +
 crypto/bio/build.info  |   2 +-
 crypto/context.c   |  16 ++
 doc/build.info |   6 +
 doc/man3/BIO_new.pod   |  24 ++-
 doc/man3/BIO_s_core.pod|  72 +
 doc/man3/OSSL_LIB_CTX.pod  |  17 ++-
 include/internal/bio.h |   2 +
 include/internal/cryptlib.h|   7 +-
 include/openssl/bio.h.in   |   6 +-
 include/openssl/crypto.h.in|   1 +
 test/bio_core_test.c   | 107 +
 test/build.info|   6 +-
 .../{04-test_bioprint.t => 04-test_bio_core.t} |   2 +-
 util/libcrypto.num |   4 +
 17 files changed, 430 insertions(+), 21 deletions(-)
 create mode 100644 crypto/bio/bss_core.c
 create mode 100644 doc/man3/BIO_s_core.pod
 create mode 100644 test/bio_core_test.c
 copy test/recipes/{04-test_bioprint.t => 04-test_bio_core.t} (88%)

diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 6d360b62ed..5cdd6d7cfd 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -68,7 +68,7 @@ static long bio_call_callback(BIO *b, int oper, const char 
*argp, size_t len,
 return ret;
 }
 
-BIO *BIO_new(const BIO_METHOD *method)
+BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method)
 {
 BIO *bio = OPENSSL_zalloc(sizeof(*bio));
 
@@ -77,6 +77,7 @@ BIO *BIO_new(const BIO_METHOD *method)
 return NULL;
 }
 
+bio->libctx = libctx;
 bio->method = method;
 bio->shutdown = 1;
 bio->references = 1;
@@ -107,6 +108,11 @@ err:
 return NULL;
 }
 
+BIO *BIO_new(const BIO_METHOD *method)
+{
+return BIO_new_ex(NULL, method);
+}
+
 int BIO_free(BIO *a)
 {
 int ret;
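Review bot: `BIO_new_ex()` stores `libctx` as a bare pointer in the new `bio->libctx` field (see the `bio_local.h` hunk) with no reference or lifetime tie, so a BIO must not outlive the library context it was created with; the `BIO_new_ex` man page should say so, and `BIO_new()` passing NULL needs a note that NULL stands for the default context, to be resolved by whoever reads the field.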
diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h
index 30e56cba8d..3d9afe0760 100644
--- a/crypto/bio/bio_local.h
+++ b/crypto/bio/bio_local.h
@@ -113,6 +113,7 @@ typedef struct bio_f_buffer_ctx_struct {
 } BIO_F_BUFFER_CTX;
 
 struct bio_st {
+OSSL_LIB_CTX *libctx;
 const BIO_METHOD *method;
 /* bio, mode, argp, argi, argl, ret */
 BIO_callback_fn callback;
diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c
new file mode 100644
index 00..2baabe614e
--- /dev/null
+++ b/crypto/bio/bss_core.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include 
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+typedef struct {
+OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex;
+OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex;
+OSSL_FUNC_BIO_gets_fn *c_bio_gets;
+OSSL_FUNC_BIO_puts_fn *c_bio_puts;
+OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl;
+} BIO_CORE_GLOBALS;
+
+static void bio_core_globals_free(void *vbcg)
+{
+OPENSSL_free(vbcg);
+}
+
+static void 

[openssl] master update

2021-05-04 Thread tomas
The branch master has been updated
   via  e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit)
   via  9deb202e6a54aee76a09c3a12c320c4a4c39a19f (commit)
  from  a0baa98b5c1f805a30539e43ef62e2a43979773f (commit)


- Log -
commit e3188bae04769242e62ae2fba96a0aca5b7ce605
Author: Tomas Mraz 
Date:   Mon May 3 10:53:08 2021 +0200

Run coveralls daily and not exactly at midnight

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15121)

commit 9deb202e6a54aee76a09c3a12c320c4a4c39a19f
Author: Tomas Mraz 
Date:   Mon May 3 10:45:16 2021 +0200

coveralls: Enable fips as it is disabled by default

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15121)

---

Summary of changes:
 .github/workflows/coveralls.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml
index 370f372ad3..758ed9b581 100644
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -3,7 +3,7 @@ name: Coverage
 #Run once a week
 on:
   schedule:
-- cron:  '0 0 * * SAT'
+- cron:  '49 0 * * *'
 
 jobs:
   coverage:
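Review bot: The `#Run once a week` comment two lines above the changed cron line is now wrong; update it to say the job runs daily at 00:49 UTC. Moving off the top of the hour is sensible, since that is when scheduled workflows queue up.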
@@ -14,7 +14,7 @@ jobs:
   run: |
 sudo apt-get -yq install lcov
 - name: config
-  run: CC=gcc ./config --debug --coverage no-asm enable-rc5 enable-md2 
enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers 
enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ 
enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && 
perl configdata.pm --dump
+  run: CC=gcc ./config --debug --coverage no-asm enable-fips enable-rc5 
enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method 
enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared 
enable-buildtest-c++ enable-external-tests -DPEDANTIC 
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
 - name: make
   run: make -s -j4
 - name: make test


[openssl] master update

2021-05-04 Thread tomas
The branch master has been updated
   via  a0baa98b5c1f805a30539e43ef62e2a43979773f (commit)
  from  67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit)


- Log -
commit a0baa98b5c1f805a30539e43ef62e2a43979773f
Author: Petr Gotthard 
Date:   Sun May 2 23:26:23 2021 +0200

apps: Switch to X509_REQ_verify_ex

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15118)

---

Summary of changes:
 apps/lib/apps.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index bfea59bdc8..b87f271ee8 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2282,7 +2282,8 @@ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
 int rv = 0;
 
 if (do_x509_req_init(x, vfyopts) > 0)
-rv = (X509_REQ_verify(x, pkey) > 0);
+rv = (X509_REQ_verify_ex(x, pkey,
+ app_get0_libctx(), app_get0_propq()) > 0);
 return rv;
 }
 


[openssl] master update

2021-05-04 Thread Dr. Paul Dale
The branch master has been updated
   via  67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit)
  from  5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit)


- Log -
commit 67cd43084cacb976ef79bbc23ccab048b06e5c1c
Author: Pauli 
Date:   Sat May 1 13:38:34 2021 +1000

test: fix failure with FIPS and no-des configured.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15105)

---

Summary of changes:
 test/recipes/80-test_pkcs12.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
index b259c1a335..12189da3a3 100644
--- a/test/recipes/80-test_pkcs12.t
+++ b/test/recipes/80-test_pkcs12.t
@@ -96,8 +96,8 @@ SKIP: {
 }
 
 SKIP: {
-skip "Skipping legacy PKCS#12 test because RC2 is disabled in this build", 
1
-if disabled("rc2") || disabled("legacy");
+skip "Skipping legacy PKCS#12 test because the required algorithms are 
disabled", 1
+if disabled("des") || disabled("rc2") || disabled("legacy");
 # Test reading legacy PKCS#12 file
 ok(run(app(["openssl", "pkcs12", "-export",
 "-in", srctop_file(@path, "v3-certs-RC2.p12"),


[openssl] master update

2021-05-04 Thread Richard Levitte
The branch master has been updated
   via  5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit)
   via  49ce00374030c74f527c9916bff7c2c7268f4318 (commit)
  from  f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit)


- Log -
commit 5432d827ec2cffa2e75bf8dd0bc570288cba19f6
Author: Richard Levitte 
Date:   Mon May 3 08:48:17 2021 +0200

APPS: Add passphrase handling in the "rsa" and "dsa" commands

They completely ignored any passphrase related setting.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15119)

commit 49ce00374030c74f527c9916bff7c2c7268f4318
Author: Richard Levitte 
Date:   Mon May 3 08:48:07 2021 +0200

APPS: Set a default passphrase UI for the "ec" command

Fixes #15114

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15119)

---

Summary of changes:
 apps/dsa.c | 14 ++
 apps/ec.c  |  3 +++
 apps/rsa.c | 14 ++
 3 files changed, 31 insertions(+)

diff --git a/apps/dsa.c b/apps/dsa.c
index 9ea1098514..9a7bf04adb 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -267,6 +267,20 @@ int dsa_main(int argc, char **argv)
 goto end;
 }
 
+/* Passphrase setup */
+if (enc != NULL)
+OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+
+/* Default passphrase prompter */
+if (enc != NULL || outformat == FORMAT_PVK) {
+OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL);
+if (passout != NULL)
+/* When passout given, override the passphrase prompter */
+OSSL_ENCODER_CTX_set_passphrase(ectx,
+(const unsigned char *)passout,
+strlen(passout));
+}
+
 /* PVK requires a bit more */
 if (outformat == FORMAT_PVK) {
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
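Review bot: the return values of OSSL_ENCODER_CTX_set_cipher, OSSL_ENCODER_CTX_set_passphrase_ui and OSSL_ENCODER_CTX_set_passphrase are all discarded in this block. If one of them fails (a cipher name the encoder cannot resolve, for instance), the key could be written without the requested encryption instead of the command aborting; check each call and `goto end` on failure, as the code just above already does for its other setup steps. The block is also identical to the one added to apps/rsa.c in the same change, so a shared helper in apps/lib would keep the two from drifting apart.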
diff --git a/apps/ec.c b/apps/ec.c
index 5103838da0..f8f77dd492 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -267,7 +267,10 @@ int ec_main(int argc, char **argv)
  NULL);
 if (enc != NULL) {
 OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+/* Default passphrase prompter */
+OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL);
 if (passout != NULL)
+/* When passout given, override the passphrase prompter */
 OSSL_ENCODER_CTX_set_passphrase(ectx,
 (const unsigned char *)passout,
 strlen(passout));
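Review bot: same point as in apps/dsa.c, the return value of OSSL_ENCODER_CTX_set_passphrase_ui is ignored. Also, the `/* When passout given, override the passphrase prompter */` comment now sits between `if (passout != NULL)` and its single unbraced statement; that is legal C but easy to misread as ending the `if`, so either brace the body or move the comment above the `if`.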
diff --git a/apps/rsa.c b/apps/rsa.c
index fc1db506d7..47316757d5 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -335,6 +335,20 @@ int rsa_main(int argc, char **argv)
 goto end;
 }
 
+/* Passphrase setup */
+if (enc != NULL)
+OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+
+/* Default passphrase prompter */
+if (enc != NULL || outformat == FORMAT_PVK) {
+OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL);
+if (passout != NULL)
+/* When passout given, override the passphrase prompter */
+OSSL_ENCODER_CTX_set_passphrase(ectx,
+(const unsigned char *)passout,
+strlen(passout));
+}
+
 /* PVK is a bit special... */
 if (outformat == FORMAT_PVK) {
 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
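Review bot: this block is a line-for-line copy of the one added to apps/dsa.c, including the unchecked return values of the three OSSL_ENCODER_CTX_set_* calls and the comment wedged between `if (passout != NULL)` and its body. Fix the return-value handling in both places, or better, hoist the block into one helper that both commands call.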


[openssl] master update

2021-05-04 Thread Richard Levitte
The branch master has been updated
   via  f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit)
   via  49f699b54d982c431c13f29ea08628ab599f1e6e (commit)
   via  be22315235605ac50f735758f6c6edcb262146db (commit)
   via  27ca03ea829443ee750db148dde87cf3da900d9c (commit)
   via  841a438c7f67f697dd6710b26cc6536dd76a420a (commit)
  from  02669b677e6263b3d337ceb526b8b030477fe26b (commit)


- Log -
commit f97bc7c4240ba370c323c0d753d9d97f7a7c89bf
Author: Richard Levitte 
Date:   Tue Apr 27 11:23:12 2021 +0200

[TEMPORARY] make 'make update' verbose in ci.yml

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8871)

commit 49f699b54d982c431c13f29ea08628ab599f1e6e
Author: Richard Levitte 
Date:   Fri May 3 13:24:39 2019 +0200

GitHub CI: ensure that unifdef is installed

This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8871)

commit be22315235605ac50f735758f6c6edcb262146db
Author: Richard Levitte 
Date:   Fri May 3 13:12:59 2019 +0200

FIPS module checksums: add scripts and Makefile rule

This adds the following scripts:

util/lang-compress.pl:

Compress source code, whose language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.

util/fips-checksums.sh:

Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8871)

commit 27ca03ea829443ee750db148dde87cf3da900d9c
Author: Richard Levitte 
Date:   Mon Apr 26 19:44:24 2021 +0200

Unix build file: Add a target to create providers/fips.module.sources

This file will be the basis for the FIPS module checksum calculation

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8871)

commit 841a438c7f67f697dd6710b26cc6536dd76a420a
Author: Richard Levitte 
Date:   Mon Apr 26 19:41:54 2021 +0200

Add OpenSSL::Config::Query and use it in configdata.pm

OpenSSL::Config::Query is a configuration querying tool that's meant
to make it easier to query the diverse configuration data for info.
That's much easier than digging through all the parts of %unified_info.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/8871)

---

Summary of changes:
 .github/workflows/ci.yml  |   6 +-
 Configurations/unix-Makefile.tmpl |  53 +
 configdata.pm.in  |  26 ++-
 providers/fips-sources.checksums  | 459 +
 providers/fips.checksum   |   1 +
 providers/fips.module.sources | 467 ++
 util/c-compress-test.pl   |  54 +
 util/fips-checksums.sh|  31 +++
 util/lang-compress.pl | 189 +++
 util/perl/OpenSSL/Config/Query.pm | 177 +++
 10 files changed, 1460 insertions(+), 3 deletions(-)
 create mode 100644 providers/fips-sources.checksums
 create mode 100644 providers/fips.checksum
 create mode 100644 providers/fips.module.sources
 create mode 100755 util/c-compress-test.pl
 create mode 100755 util/fips-checksums.sh
 create mode 100755 util/lang-compress.pl
 create mode 100644 util/perl/OpenSSL/Config/Query.pm

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2e18fba41a..e37c7f54d8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,13 +15,17 @@ jobs:
   check_update:
 runs-on: ubuntu-latest
 steps:
+- name: install unifdef
+  run: |
+sudo apt-get update
+sudo apt-get -yq --no-install-suggests --no-install-recommends 
--force-yes install unifdef
 - uses: actions/checkout@v2
 - name: config
   run: ./config --strict-warnings enable-fips && perl configdata.pm --dump
 - name: make build_generated
   run: make -s build_generated
 - name: make update
-  run: make -s update
+  run: make update
 - name: git diff
   run: git diff --exit-code
 
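Review bot: drop `--force-yes` from the apt-get install line. It is deprecated in current apt and its effect is to let the install continue past conditions apt would otherwise refuse, including packages that cannot be authenticated, which weakens repository signature checking on the very runner that computes the FIPS checksums; `-yq` already answers the prompts and `--no-install-recommends` / `--no-install-suggests` are unaffected. Separately, the `make update` step is no longer silent (`-s` removed); the commit message flags this as temporary, so a follow-up should restore it before the extra output becomes permanent.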
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index 4ace44477d..d98c42c85e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1055,6 +1055,9 @@ uninstall_html_docs:
 # It's important that generate_buildinfo comes after ordinals, as ordinals
 # is sensitive to build.info changes.
 update: generate 

[openssl] OpenSSL_1_1_1-stable update

2021-05-04 Thread beldmit
The branch OpenSSL_1_1_1-stable has been updated
   via  4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit)
  from  6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit)


- Log -
commit 4b1be3c8868cf0b26a031f68ffebc34248e1836c
Author: Dmitry Belyavskiy 
Date:   Sat May 1 13:29:05 2021 +0200

Use OCSP-specific error code for clarity

Fixes #12735 for 1.1.1

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15109)

---

Summary of changes:
 crypto/err/openssl.txt   | 1 +
 include/openssl/sslerr.h | 3 ++-
 ssl/ssl_err.c| 4 +++-
 ssl/statem/statem_clnt.c | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7e1776375d..e0e60ffa38 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2784,6 +2784,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
 SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
 SSL_R_NULL_SSL_CTX:195:null ssl ctx
 SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned
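Review bot: reason code 294 is assigned by hand here, and the two files below that carry it (include/openssl/sslerr.h, ssl/ssl_err.c) are marked "Generated by util/mkerr.pl DO NOT EDIT"; confirm they were regenerated with the tool rather than edited directly, and that 294 is not already used in the 1.1.1 SSL reason space, since the value is visible to applications through ERR_GET_REASON().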
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 82983d3c1e..9060fd1b75 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -633,6 +633,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK  403
 # define SSL_R_NULL_SSL_CTX   195
 # define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OCSP_CALLBACK_FAILURE  294
 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED197
 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 # define SSL_R_OVERFLOW_ERROR 237
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 4b12ed1485..d0c69821b5 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1018,6 +1018,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
 "null ssl method passed"},
+{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
+"ocsp callback failure"},
 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
 "old session cipher not returned"},
 {ERR_PACK(ERR_LIB_SSL, 0, 
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index de58f1a4b7..5543e08c59 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2833,7 +2833,7 @@ int tls_process_initial_server_flight(SSL *s)
 if (ret < 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
- ERR_R_MALLOC_FAILURE);
+ SSL_R_OCSP_CALLBACK_FAILURE);
 return 0;
 }
 }
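Review bot: keeping the alert as SSL_AD_INTERNAL_ERROR is the right call, since a failing status callback is a local condition rather than a protocol violation and the peer does not need to know which. Anything that matched the old reason (ERR_R_MALLOC_FAILURE raised from tls_process_initial_server_flight) to detect OCSP callback failures, such as log parsing, has to be updated to SSL_R_OCSP_CALLBACK_FAILURE.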


[openssl] master update

2021-05-04 Thread Richard Levitte
The branch master has been updated
   via  02669b677e6263b3d337ceb526b8b030477fe26b (commit)
   via  0d6c144e8d0c53e8947e3a76225ea33b3e29abc8 (commit)
  from  d1a770414acd34c774248ce8efbe202fd7a44041 (commit)


- Log -
commit 02669b677e6263b3d337ceb526b8b030477fe26b
Author: Richard Levitte 
Date:   Thu Apr 29 12:50:33 2021 +0200

Windows build file: add forgotten quotes on POD->html command line

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15084)

commit 0d6c144e8d0c53e8947e3a76225ea33b3e29abc8
Author: Richard Levitte 
Date:   Sat May 1 07:29:27 2021 +0200

OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

The perl interpreter name itself might contain spaces and need quoting.
__fixup_prg() does this for us.

Fixes #14256

Co-authored-by: Tomáš Mráz 

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15084)

---

Summary of changes:
 Configurations/windows-makefile.tmpl | 2 +-
 util/perl/OpenSSL/Test.pm| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Configurations/windows-makefile.tmpl 
b/Configurations/windows-makefile.tmpl
index 4843106de2..014c1eb8d1 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -686,7 +686,7 @@ EOF
   my $pod = $gen0;
   return <<"EOF";
 $args{src}: "$pod"
-   \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r 
"\$(SRCDIR)/doc"
+   "\$(PERL)" "\$(SRCDIR)/util/mkpod2html.pl" -i "$pod" -o \$\@ -t 
"$title" -r "\$(SRCDIR)/doc"
 EOF
   } elsif (platform->isdef($args{src})) {
   #
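Review bot: on the rewritten command line the output target `\$\@` is still unquoted while every other argument is now quoted; for consistency, and for a build tree whose path contains spaces, quote it as `"\$\@"` as well.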
diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm
index 4dc1bad188..55f26cc630 100644
--- a/util/perl/OpenSSL/Test.pm
+++ b/util/perl/OpenSSL/Test.pm
@@ -1232,7 +1232,7 @@ sub __wrap_cmd {
 # In the Windows case, we run perl explicitly.  We might not
 # need it, but that depends on if the user has associated the
 # '.pl' extension with a perl interpreter, so better be safe.
-@prefix = ( $^X, $std_wrapper );
+@prefix = ( __fixup_prg($^X), $std_wrapper );
 } else {
 # Otherwise, we assume Unix semantics, and trust that the #!
 # line activates perl for us.
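Review bot: only $^X is passed through __fixup_prg(); if $std_wrapper is a path that can also contain spaces it needs the same treatment, otherwise note in a comment that it is already quoted where it is built. The comment block above still only explains why perl is invoked explicitly; extend it with why the fixup is needed (interpreter paths containing spaces, #14256) so the next reader does not remove it.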