FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock
Platform and configuration command:
$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-multiblock
Commit log since last time:
a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON
macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the
dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its
documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error;
improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for
OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
Build log ended with (last 100 lines):
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t ok
70-test_tls13messages.t ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
#
Killing mock server with pid=326688180-test_cmp_http.t . ok
# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t .. ok
90-test_asn1_time.t ok
90-test_async.t ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t ok
Build completed: openssl master.41958
Build openssl master.41958 completed Commit b0f960189b by Dr. David von Oheimb on 5/5/2021 6:48 PM: APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command:
$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module
Commit log since last time:
a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON
macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the
dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its
documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error;
improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for
OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
Build log ended with (last 100 lines):
../../../../../enable-fuzz-afl/util/wrap.pl
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf
-section 'Mock enrollment' -certout
../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy ''
-no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1
-certout
../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem
-out_trusted root.crt => 0
not ok 47 - popo NONE
# --
# Failed test 'popo NONE'
# at ../openssl/test/recipes/80-test_cmp_http.t line 145.
Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a
CA cert
# cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock
enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2191:CMP warning: -proxy option argument is
empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact
http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received
IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending
CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received
PKICONF
# save_free_certs:../openssl/apps/cmp.c:1941:CMP info: received 1 enrolled
certificate(s), saving to file
'../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl
../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf
-section 'Mock
Build failed: openssl master.41957
Build openssl master.41957 failed Commit 6c0ac9b99f by Benjamin Kaduk on 5/5/2021 3:13 PM: adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change Configure your notification preferences
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 (commit) from 9f85ab647c8c9f47a1523f99facdf15fc34797a0 (commit) - Log - commit a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) (cherry picked from commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef) --- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 339fb2774a..721bbb7320 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; +if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) +return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session);
[openssl] master update
The branch master has been updated via 22d1138fe2fde9a16e80b81de1d848ae6fa879ef (commit) from 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit) - Log - commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) --- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 066623d5fb..4b0906820e 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -52,6 +52,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; +if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) +return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session);
[openssl] master update
The branch master has been updated
via 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit)
from bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit)
- Log -
commit 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b
Author: Petr Gotthard
Date: Sun Apr 18 18:28:25 2021 +0200
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
so a check for NULL is needed.
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14919)
---
Summary of changes:
crypto/encode_decode/encoder_pkey.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/crypto/encode_decode/encoder_pkey.c
b/crypto/encode_decode/encoder_pkey.c
index 4bfd219fe2..3bb0702e43 100644
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@@ -76,6 +76,7 @@ struct collected_encoder_st {
const char *output_structure;
const char *output_type;
+const OSSL_PROVIDER *keymgmt_prov;
OSSL_ENCODER_CTX *ctx;
int error_occurred;
@@ -102,7 +103,9 @@ static void collect_encoder(OSSL_ENCODER *encoder, void
*arg)
if (!OSSL_ENCODER_is_a(encoder, name)
|| (encoder->does_selection != NULL
-&& !encoder->does_selection(provctx, data->ctx->selection)))
+&& !encoder->does_selection(provctx, data->ctx->selection))
+|| (data->keymgmt_prov != prov
+&& encoder->import_object == NULL))
continue;
/* Only add each encoder implementation once */
@@ -213,6 +216,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX
*ctx,
const char *propquery)
{
struct construct_data_st *data = NULL;
+const OSSL_PROVIDER *prov = NULL;
OSSL_LIB_CTX *libctx = NULL;
int ok = 0;
@@ -222,8 +226,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX
*ctx,
}
if (evp_pkey_is_provided(pkey)) {
-const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
-
+prov = EVP_KEYMGMT_provider(pkey->keymgmt);
libctx = ossl_provider_libctx(prov);
}
@@ -252,6 +255,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX
*ctx,
encoder_data.output_type = ctx->output_type;
encoder_data.output_structure = ctx->output_structure;
encoder_data.error_occurred = 0;
+encoder_data.keymgmt_prov = prov;
encoder_data.ctx = ctx;
OSSL_ENCODER_do_all_provided(libctx, collect_encoder, _data);
sk_OPENSSL_CSTRING_free(keymgmt_data.names);
[openssl] master update
The branch master has been updated
via bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit)
from 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit)
- Log -
commit bfe2fcc840e92df5a5875e55c6aed79891d2612f
Author: Tomas Mraz
Date: Tue May 4 15:38:48 2021 +0200
evp_extra_test: Avoid potential double free of params
Fixes #14916
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15135)
---
Summary of changes:
test/evp_extra_test.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index f8fdc7287d..7fd45bc316 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -688,6 +688,7 @@ static int test_EC_priv_pub(void)
if (!test_fromdata("EC", params))
goto err;
OSSL_PARAM_free(params);
+params = NULL;
OSSL_PARAM_BLD_free(bld);
/* Test priv and !pub */
@@ -704,6 +705,7 @@ static int test_EC_priv_pub(void)
if (!test_fromdata("EC", params))
goto err;
OSSL_PARAM_free(params);
+params = NULL;
OSSL_PARAM_BLD_free(bld);
/* Test !priv and pub */
@@ -721,6 +723,7 @@ static int test_EC_priv_pub(void)
if (!test_fromdata("EC", params))
goto err;
OSSL_PARAM_free(params);
+params = NULL;
OSSL_PARAM_BLD_free(bld);
/* Test priv and pub */
[openssl] master update
The branch master has been updated via 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit) from 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) - Log - commit 6ef2f71ac70aff99da277be4a554e3b1fe739050 Author: Daniel Bevenius Date: Wed May 5 08:56:36 2021 +0200 Clarify where dispatch functions/ids are defined When reading the comment for ossl_dispatch_st it seems to indicate that the function_id numbers are defined further down in the same file. But I was not able to find them there, but instead in core_dispatch.h. This commit suggests updating the comment to point to core_dispatch.h Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15156) --- Summary of changes: include/openssl/core.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/core.h b/include/openssl/core.h index 5d69278d2e..3356ef2088 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -32,8 +32,8 @@ typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX; typedef struct ossl_core_bio_st OSSL_CORE_BIO; /* - * Dispatch table element. function_id numbers are defined further down, - * see macros with '_FUNC' in their names. + * Dispatch table element. function_id numbers and the functions are defined + * in core_dispatch.h, see macros with 'OSSL_CORE_MAKE_FUNC' in their names. * * An array of these is always terminated by function_id == 0 */
[openssl] master update
The branch master has been updated via 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) from 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) - Log - commit 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 Author: Daniel Bevenius Date: Wed May 5 05:39:56 2021 +0200 Clarify two comments (typos) in fipsprov.c Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15150) --- Summary of changes: providers/fips/fipsprov.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index a7d335b78a..841c80bab7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -671,14 +671,14 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, return 0; } /* - * Disable the conditional error check if is disabled in the fips config - * file + * Disable the conditional error check if it's disabled in the fips config + * file. */ if (fgbl->selftest_params.conditional_error_check != NULL && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) SELF_TEST_disable_conditional_error_state(); -/* Disable the security check if is disabled in the fips config file */ +/* Disable the security check if it's disabled in the fips config file. */ if (fgbl->fips_security_check_option != NULL && strcmp(fgbl->fips_security_check_option, "0") == 0) fgbl->fips_security_checks = 0;
[web] master update
The branch master has been updated via fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) from 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) - Log - commit fd0743669f8f47f638b9ad5822d893fb94a1a89d Author: Matt Caswell Date: Thu May 6 12:58:22 2021 +0100 Updates to newsflash for the alpha16 release Reviewed-by: Mark J. Cox Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/238) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1c80d9c..44e8272 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes
[openssl] openssl-3.0.0-alpha16 create
The annotated tag openssl-3.0.0-alpha16 has been created
at 2777f7f3a9a447979c75d3caa14c62c4fcd11ae8 (tag)
tagging d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit)
replaces openssl-3.0.0-alpha15
tagged by Matt Caswell
on Thu May 6 13:15:03 2021 +0100
- Log -
OpenSSL 3.0.0-alpha16 release tag
-BEGIN PGP SIGNATURE-
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3ccRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHaOgf/Z5bHiWzyODIP6PSTRAF70dbhFUkrcktq
Y+72rP3ZPyBPiuRWkxwMihPSNbfDui48iIvRVOvKS0VipgY2gvAokJz0n6yyxhA4
1ktmHE+LpLShVII29CutvtEHocUcC8N0KiDGeuvjwn+P4oqRjWHhlgO9KEDbRDX6
1Avalq+YyDbvDFkLVokg+UZfNj/DkADNNZH/Z5iPTHC+S22Cdpujvnpg6vf+LaFD
9ZDz2oW+Fw2wsj7Yn3jawqnJWG9b5NeVVyu/u5w9x4smsjyjHLkcilYEqdaT2rAD
yBeZ4bOeHN07FIuEYS0cHRxKSmWWAks+1EaXcpWY3HKXpCB9KJy39w==
=Y3R/
-END PGP SIGNATURE-
Andreas Schwab (1):
Add system guessing for linux64-riscv64 target
Benjamin Kaduk (3):
Enforce secure renegotiation support by default
Correct ssl_conf logic for "legacy_server_connect"
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
Daniel Bevenius (1):
Fix typo in OSSL_DECODER_CTX_set_input_structure
David Benjamin (1):
Add X509 version constants.
Dmitry Belyavskiy (1):
Use OCSP-specific error code for clarity
Dr. David von Oheimb (21):
apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper
free() function
BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.
APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
APPS: Improve diagnostics for string options and options expecting int >= 0
ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
TS ESS: Move four internal aux function to where they belong in crypto/ts
CMS ESS: Move four internal aux function to where they belong in
crypto/cms
OCSP: Minor improvements of documentation and header file
OSSL_STORE_expect(): Improve error handling and documentation
APPS load_key_certs_crls(): Correct the 'expect' arg calculation for
OSSL_STORE_expect()
OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve
related doc
testutil/load.c: Add checks for file(name) == NULL
HTTP client: Correct the use of optional proxy URL and its documentation
test/certs/setup.sh: structural cleanup
update test/certs/ee-pathlen.pem to contain SKID and AKID
test/certs/setup.sh: Fix two glitches
cleanup where purpose is not needed in 25-test_verify.t
APPS: Slightly extend and improve documentation of the opt_ API
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
Dr. Matthias St. Pierre (12):
Remove obsolete comment
Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
Configure/Makefile: use the correct openssl app for FIPS installation
Configure/Makefile: correct the FIPS module configuration file path
Configure/Makefile: separate install of the FIPS module
Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing
it
Configure/Makefile: install the fips provider if it was configured
build.info: add the Perl wrapper to build generator programs on Windows
Configure: sort the disablables alphabetically
Configure: disable fips mode by default
README-FIPS: document the installation of the FIPS provider
CHANGES: document the FIPS provider configuration and installation
EasySec (2):
change salt handling, way 1
try to document changes in salt handling for the 'enc' command
Eric Curtin (1):
Remove dated term and fixed typo anther
FdaSilvaYY (1):
ssl: fix possible ref counting fields use before init.
Hubert Kario (2):
add Changelog item for TLS1.3 FFDHE work
man: s_server: fix text repetition in -alpn description
Jon Spillett (2):
Add testing for updated cipher IV
Add library context and property query support into the PKCS12 API
Kevin Cadieux (1):
memleaktest with MSVC's AddressSanitizer
Klaas van Schelven (1):
Documentation fix for openssl-verify certificates
Matt Caswell (15):
Prepare for 3.0 alpha 16
Add a threading test for loading/unloading providers
Properly protect access to the provider flag_activated field
Store the list of activated providers in the libctx
Defer Finished MAC handling until after state transition
Test a Finished message at the wrong time results in unexpected message
Adjust dtlstest for SHA1 security level
Adjust sslapitest for SHA1 security level
Adjust ssl_test_new for SHA1 security level
Create libcrypto support for BIO_new_from_core_bio()
Add a test for
[openssl] master update
The branch master has been updated via 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) via d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit) from aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) - Log - commit 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf Author: Matt Caswell Date: Thu May 6 13:15:11 2021 +0100 Prepare for 3.0 alpha 17 Reviewed-by: Tomas Mraz commit d0c041b13ad12c2c689313c607e2c001f3d5a1b7 Author: Matt Caswell Date: Thu May 6 13:15:03 2021 +0100 Prepare for release of 3.0 alpha 16 Reviewed-by: Tomas Mraz --- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index 2e16aa375b..b4b1faa05f 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha16-dev +PRE_RELEASE_TAG=alpha17-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3
[openssl] master update
The branch master has been updated via aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) from 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) - Log - commit aff636a4893e24bdc686a00a13ae6199dd38d6aa Author: Matt Caswell Date: Thu May 6 13:03:23 2021 +0100 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15181) --- Summary of changes: apps/asn1pars.c | 2 +- apps/engine.c | 2 +- apps/include/fmt.h | 2 +- apps/info.c | 2 +- apps/nseq.c | 2 +- apps/prime.c| 2 +- apps/progs.pl | 2 +- apps/sess_id.c | 2 +- apps/spkac.c| 2 +- apps/version.c | 2 +- crypto/bio/bio_local.h | 2 +- crypto/bn/bn_nist.c | 2 +- crypto/cpt_err.c| 2 +- crypto/evp/evp_cnf.c| 2 +- crypto/evp/evp_pbe.c| 2 +- crypto/pkcs12/p12_add.c | 2 +- crypto/pkcs12/p12_crpt.c| 2 +- crypto/pkcs12/p12_init.c| 2 +- crypto/pkcs12/p12_p8d.c | 2 +- crypto/pkcs12/p12_p8e.c | 2 +- crypto/pkcs12/p12_sbag.c| 2 +- crypto/rc2/rc2_skey.c | 2 +- crypto/x509/t_crl.c | 2 +- doc/man1/openssl-crl.pod.in | 2 +- doc/man1/openssl-dhparam.pod.in | 2 +- doc/man1/openssl-dsa.pod.in | 2 +- doc/man1/openssl-dsaparam.pod.in| 2 +- doc/man1/openssl-ecparam.pod.in | 2 +- doc/man1/openssl-format-options.pod | 2 +- doc/man1/openssl-rsa.pod.in | 2 +- doc/man1/openssl-smime.pod.in | 2 +- doc/man1/openssl-spkac.pod.in | 2 +- doc/man1/openssl-verify.pod.in | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_new.pod| 2 +- doc/man3/BIO_parse_hostserv.pod | 2 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_s_fd.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod| 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 2 +- doc/man3/EVP_PKEY_meth_new.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- doc/man3/OSSL_STORE_open.pod| 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/TS_VERIFY_CTX_set_certs.pod| 2 +- doc/man3/X509_get_version.pod | 2 +- doc/man7/openssl-core.h.pod | 2 +- include/openssl/conf.h.in | 2 +- include/openssl/e_os2.h | 2 +- include/openssl/hmac.h | 2 +- include/openssl/pkcs12.h.in | 2 +- include/openssl/safestack.h.in | 2 +- include/openssl/stack.h | 2 +- test/asn1_decode_test.c | 2 +- test/dtlstest.c | 2 +- test/ecstresstest.c | 2 +- test/errtest.c | 2 +- test/helpers/pkcs12.h | 2 +- test/memleaktest.c | 2 +- test/pkcs12_format_test.c | 2 +- test/recipes/04-test_bio_core.t | 2 +- test/recipes/15-test_gendh.t| 2 +- test/recipes/20-test_dgst.t | 2 +- test/recipes/25-test_crl.t | 2 +- test/recipes/30-test_evp_data/evpciph_aes_wrap.txt | 2 +- test/recipes/30-test_evp_data/evpciph_aria.txt | 2 +- test/recipes/30-test_evp_data/evpciph_camellia.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des3_common.txt | 2 +-
[openssl] master update
The branch master has been updated via 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) from d105a24c8987dde38595a2fa336057b141e5ddf3 (commit) - Log - commit 6269fedffb3856fc63414fcafb20a4c4c62c8f1a Author: Matt Caswell Date: Thu May 6 12:04:38 2021 +0100 Update the FIPS checksums Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15177) --- Summary of changes: providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index fc8d6362df..c3d4dd9292 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -182,7 +182,7 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c 9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c -a661a25d70af7eb79d1dd76ea1595c370c266307e20ee2e60074216672286a71 crypto/evp/mac_lib.c +0f5e0cd5c66712803a19774610f6bdfe572f5dda08c58cdf1b19d38a0693911c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c diff --git a/providers/fips.checksum b/providers/fips.checksum index e28929484f..913f8b0992 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums +f51d5228b36f7d4ef300ceddfb426e672b136c0b64706af027707830828fa442 providers/fips-sources.checksums
[openssl] master update
The branch master has been updated via d105a24c8987dde38595a2fa336057b141e5ddf3 (commit) via bee3f3890547cc7f349b69ef63665ebcc80d48ed (commit) via 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2 (commit) via 0b294f5647a21a8762871b18f0cbbf96ce8cc68d (commit) via d382e79632677f2457025be3d820e08d7ea12d85 (commit) from b86fa8c55682169c88e14e616170d6caeb208865 (commit) - Log - commit d105a24c8987dde38595a2fa336057b141e5ddf3 Author: Tomas Mraz Date: Mon May 3 14:40:06 2021 +0200 Add some tests for -inform/keyform enforcement Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit bee3f3890547cc7f349b69ef63665ebcc80d48ed Author: Tomas Mraz Date: Mon May 3 14:15:26 2021 +0200 Document the behavior of the -inform and related options Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2 Author: Tomas Mraz Date: Mon May 3 14:14:54 2021 +0200 provider-storemgmt: Document the input-type and properties parameters. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit 0b294f5647a21a8762871b18f0cbbf96ce8cc68d Author: Tomas Mraz Date: Mon May 3 08:45:52 2021 +0200 Update gost-engine to make it compatible with the added params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit d382e79632677f2457025be3d820e08d7ea12d85 Author: Tomas Mraz Date: Fri Apr 30 16:57:53 2021 +0200 Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) --- Summary of changes: CHANGES.md | 7 +++ apps/ca.c| 10 ++-- apps/cmp.c | 6 +-- apps/cms.c | 16 +++--- apps/crl.c | 6 +-- apps/dgst.c | 2 +- apps/dsa.c | 2 +- apps/dsaparam.c | 4 +- apps/ec.c| 2 +- apps/ecparam.c | 2 +- apps/gendsa.c| 2 +- apps/include/apps.h | 15 +++--- apps/lib/apps.c | 61 +++-- apps/lib/s_cb.c | 3 +- apps/ocsp.c | 12 ++--- apps/pkcs8.c | 9 ++-- apps/pkey.c | 2 +- apps/pkeyutl.c | 5 +- apps/req.c | 6 +-- apps/rsa.c | 4 +- apps/rsautl.c| 4 +- apps/s_client.c | 11 ++-- apps/s_server.c | 22 apps/smime.c | 9 ++-- apps/spkac.c | 2 +- apps/storeutl.c | 2 +- apps/verify.c| 2 +- apps/x509.c | 8 +-- crypto/pem/pem_pkey.c| 2 +- crypto/store/store_lib.c | 68 ++-- crypto/x509/by_store.c | 3 +- doc/man1/openssl-ca.pod.in | 19 +++ doc/man1/openssl-cmp.pod.in | 3 +- doc/man1/openssl-cms.pod.in | 6 +-- doc/man1/openssl-crl.pod.in | 13 ++--- doc/man1/openssl-dgst.pod.in | 6 +-- doc/man1/openssl-dsa.pod.in | 9 +++- doc/man1/openssl-dsaparam.pod.in | 9 +++- doc/man1/openssl-ec.pod.in | 5 +- doc/man1/openssl-ecparam.pod.in | 9 +++- doc/man1/openssl-format-options.pod | 10 ++-- doc/man1/openssl-pkey.pod.in | 3 +- doc/man1/openssl-pkeyutl.pod.in | 9 +--- doc/man1/openssl-req.pod.in | 9 ++-- doc/man1/openssl-rsa.pod.in | 3 +- doc/man1/openssl-rsautl.pod.in
FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command:
$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-ec2m
Commit log since last time:
a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON
macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the
dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its
documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error;
improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for
OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
Build log ended with (last 100 lines):
70-test_sslcertstatus.t ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t ok
70-test_tls13messages.t ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
#
Killing mock server with pid=117415580-test_cmp_http.t . ok
# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
81-test_cmp_cli.t
[openssl] master update
The branch master has been updated
via b86fa8c55682169c88e14e616170d6caeb208865 (commit)
via c4c8791e145a7cb2d59e73410505e36e4d57ff78 (commit)
from a35536b52d91d02cbfeef22d1373a92252d19d62 (commit)
- Log -
commit b86fa8c55682169c88e14e616170d6caeb208865
Author: EasySec
Date: Tue May 4 00:24:24 2021 +0200
try to document changes in salt handling for the 'enc' command
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/4486)
commit c4c8791e145a7cb2d59e73410505e36e4d57ff78
Author: EasySec
Date: Sat Dec 30 16:19:47 2017 +0100
change salt handling, way 1
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/4486)
---
Summary of changes:
apps/enc.c | 74 +
doc/man1/openssl-enc.pod.in | 10 --
2 files changed, 48 insertions(+), 36 deletions(-)
diff --git a/apps/enc.c b/apps/enc.c
index 4339ba4114..32ed08d943 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -429,14 +429,11 @@ int enc_main(int argc, char **argv)
}
if (cipher != NULL) {
-/*
- * Note that str is NULL if a key was passed on the command line, so
- * we get no salt in that case. Is this a bug?
- */
-if (str != NULL) {
+if (str != NULL) { /* a passphrase is available */
/*
- * Salt handling: if encrypting generate a salt and write to
- * output BIO. If decrypting read salt from input BIO.
+ * Salt handling: if encrypting generate a salt if not supplied,
+ * and write to output BIO. If decrypting use salt from input BIO
+ * if not given with args
*/
unsigned char *sptr;
size_t str_len = strlen(str);
@@ -444,36 +441,47 @@ int enc_main(int argc, char **argv)
if (nosalt) {
sptr = NULL;
} else {
-if (enc) {
-if (hsalt) {
-if (!set_hex(hsalt, salt, sizeof(salt))) {
-BIO_printf(bio_err, "invalid hex salt value\n");
+if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) {
+BIO_printf(bio_err, "invalid hex salt value\n");
+goto end;
+}
+if (enc) { /* encryption */
+if (hsalt == NULL) {
+if (RAND_bytes(salt, sizeof(salt)) <= 0) {
+BIO_printf(bio_err, "RAND_bytes failed\n");
+goto end;
+}
+/*
+ * If -P option then don't bother writing.
+ * If salt is given, shouldn't either ?
+ */
+if ((printkey != 2)
+&& (BIO_write(wbio, magic,
+ sizeof(magic) - 1) != sizeof(magic)
- 1
+|| BIO_write(wbio,
+ (char *)salt,
+ sizeof(salt)) != sizeof(salt))) {
+BIO_printf(bio_err, "error writing output file\n");
goto end;
}
-} else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
-goto end;
}
-/*
- * If -P option then don't bother writing
- */
-if ((printkey != 2)
-&& (BIO_write(wbio, magic,
- sizeof(magic) - 1) != sizeof(magic) - 1
-|| BIO_write(wbio,
- (char *)salt,
- sizeof(salt)) != sizeof(salt))) {
-BIO_printf(bio_err, "error writing output file\n");
-goto end;
+} else {/* decryption */
+if (hsalt == NULL) {
+if (BIO_read(rbio, mbuf, sizeof(mbuf)) !=
sizeof(mbuf)) {
+BIO_printf(bio_err, "error reading input file\n");
+goto end;
+}
+if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file
IS salted */
+if (BIO_read(rbio, salt,
+ sizeof(salt)) != sizeof(salt)) {
+BIO_printf(bio_err, "error reading input
file\n");
+goto end;
+}
+
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command:
$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des
Commit log since last time:
a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON
macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the
dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its
documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error;
improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for
OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!
