FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock
Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-multiblock Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! Build log ended with (last 100 lines): 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=326688180-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t .. ok 90-test_asn1_time.t ok 90-test_async.t ok 90-test_bio_enc.t .. ok 90-test_bio_memleak.t .. ok 90-test_constant_time.t ok
Build completed: openssl master.41958
Build openssl master.41958 completed Commit b0f960189b by Dr. David von Oheimb on 5/5/2021 6:48 PM: APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # -- # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2191:CMP warning: -proxy option argument is empty string, resetting option # setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:1941:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock
Build failed: openssl master.41957
Build openssl master.41957 failed Commit 6c0ac9b99f by Benjamin Kaduk on 5/5/2021 3:13 PM: adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change Configure your notification preferences
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 (commit) from 9f85ab647c8c9f47a1523f99facdf15fc34797a0 (commit) - Log - commit a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) (cherry picked from commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef) --- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 339fb2774a..721bbb7320 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; +if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) +return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session);
[openssl] master update
The branch master has been updated via 22d1138fe2fde9a16e80b81de1d848ae6fa879ef (commit) from 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit) - Log - commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) --- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 066623d5fb..4b0906820e 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -52,6 +52,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; +if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) +return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session);
[openssl] master update
The branch master has been updated via 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit) from bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit) - Log - commit 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b Author: Petr Gotthard Date: Sun Apr 18 18:28:25 2021 +0200 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT, so a check for NULL is needed. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14919) --- Summary of changes: crypto/encode_decode/encoder_pkey.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 4bfd219fe2..3bb0702e43 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -76,6 +76,7 @@ struct collected_encoder_st { const char *output_structure; const char *output_type; +const OSSL_PROVIDER *keymgmt_prov; OSSL_ENCODER_CTX *ctx; int error_occurred; @@ -102,7 +103,9 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg) if (!OSSL_ENCODER_is_a(encoder, name) || (encoder->does_selection != NULL -&& !encoder->does_selection(provctx, data->ctx->selection))) +&& !encoder->does_selection(provctx, data->ctx->selection)) +|| (data->keymgmt_prov != prov +&& encoder->import_object == NULL)) continue; /* Only add each encoder implementation once */ @@ -213,6 +216,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, const char *propquery) { struct construct_data_st *data = NULL; +const OSSL_PROVIDER *prov = NULL; OSSL_LIB_CTX *libctx = NULL; int ok = 0; @@ -222,8 +226,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, } if (evp_pkey_is_provided(pkey)) { -const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt); - +prov = EVP_KEYMGMT_provider(pkey->keymgmt); libctx = ossl_provider_libctx(prov); } @@ -252,6 +255,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, encoder_data.output_type = ctx->output_type; encoder_data.output_structure = ctx->output_structure; encoder_data.error_occurred = 0; +encoder_data.keymgmt_prov = prov; encoder_data.ctx = ctx; OSSL_ENCODER_do_all_provided(libctx, collect_encoder, _data); sk_OPENSSL_CSTRING_free(keymgmt_data.names);
[openssl] master update
The branch master has been updated via bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit) from 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit) - Log - commit bfe2fcc840e92df5a5875e55c6aed79891d2612f Author: Tomas Mraz Date: Tue May 4 15:38:48 2021 +0200 evp_extra_test: Avoid potential double free of params Fixes #14916 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15135) --- Summary of changes: test/evp_extra_test.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f8fdc7287d..7fd45bc316 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -688,6 +688,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); +params = NULL; OSSL_PARAM_BLD_free(bld); /* Test priv and !pub */ @@ -704,6 +705,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); +params = NULL; OSSL_PARAM_BLD_free(bld); /* Test !priv and pub */ @@ -721,6 +723,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); +params = NULL; OSSL_PARAM_BLD_free(bld); /* Test priv and pub */
[openssl] master update
The branch master has been updated via 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit) from 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) - Log - commit 6ef2f71ac70aff99da277be4a554e3b1fe739050 Author: Daniel Bevenius Date: Wed May 5 08:56:36 2021 +0200 Clarify where dispatch functions/ids are defined When reading the comment for ossl_dispatch_st it seems to indicate that the function_id numbers are defined further down in the same file. But I was not able to find them there, but instead in core_dispatch.h. This commit suggests updating the comment to point to core_dispatch.h Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15156) --- Summary of changes: include/openssl/core.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/core.h b/include/openssl/core.h index 5d69278d2e..3356ef2088 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -32,8 +32,8 @@ typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX; typedef struct ossl_core_bio_st OSSL_CORE_BIO; /* - * Dispatch table element. function_id numbers are defined further down, - * see macros with '_FUNC' in their names. + * Dispatch table element. function_id numbers and the functions are defined + * in core_dispatch.h, see macros with 'OSSL_CORE_MAKE_FUNC' in their names. * * An array of these is always terminated by function_id == 0 */
[openssl] master update
The branch master has been updated via 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) from 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) - Log - commit 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 Author: Daniel Bevenius Date: Wed May 5 05:39:56 2021 +0200 Clarify two comments (typos) in fipsprov.c Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15150) --- Summary of changes: providers/fips/fipsprov.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index a7d335b78a..841c80bab7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -671,14 +671,14 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, return 0; } /* - * Disable the conditional error check if is disabled in the fips config - * file + * Disable the conditional error check if it's disabled in the fips config + * file. */ if (fgbl->selftest_params.conditional_error_check != NULL && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) SELF_TEST_disable_conditional_error_state(); -/* Disable the security check if is disabled in the fips config file */ +/* Disable the security check if it's disabled in the fips config file. */ if (fgbl->fips_security_check_option != NULL && strcmp(fgbl->fips_security_check_option, "0") == 0) fgbl->fips_security_checks = 0;
[web] master update
The branch master has been updated via fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) from 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) - Log - commit fd0743669f8f47f638b9ad5822d893fb94a1a89d Author: Matt Caswell Date: Thu May 6 12:58:22 2021 +0100 Updates to newsflash for the alpha16 release Reviewed-by: Mark J. Cox Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/238) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1c80d9c..44e8272 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes
[openssl] openssl-3.0.0-alpha16 create
The annotated tag openssl-3.0.0-alpha16 has been created at 2777f7f3a9a447979c75d3caa14c62c4fcd11ae8 (tag) tagging d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit) replaces openssl-3.0.0-alpha15 tagged by Matt Caswell on Thu May 6 13:15:03 2021 +0100 - Log - OpenSSL 3.0.0-alpha16 release tag -BEGIN PGP SIGNATURE- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmCT3ccRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHaOgf/Z5bHiWzyODIP6PSTRAF70dbhFUkrcktq Y+72rP3ZPyBPiuRWkxwMihPSNbfDui48iIvRVOvKS0VipgY2gvAokJz0n6yyxhA4 1ktmHE+LpLShVII29CutvtEHocUcC8N0KiDGeuvjwn+P4oqRjWHhlgO9KEDbRDX6 1Avalq+YyDbvDFkLVokg+UZfNj/DkADNNZH/Z5iPTHC+S22Cdpujvnpg6vf+LaFD 9ZDz2oW+Fw2wsj7Yn3jawqnJWG9b5NeVVyu/u5w9x4smsjyjHLkcilYEqdaT2rAD yBeZ4bOeHN07FIuEYS0cHRxKSmWWAks+1EaXcpWY3HKXpCB9KJy39w== =Y3R/ -END PGP SIGNATURE- Andreas Schwab (1): Add system guessing for linux64-riscv64 target Benjamin Kaduk (3): Enforce secure renegotiation support by default Correct ssl_conf logic for "legacy_server_connect" adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change Daniel Bevenius (1): Fix typo in OSSL_DECODER_CTX_set_input_structure David Benjamin (1): Add X509 version constants. Dmitry Belyavskiy (1): Use OCSP-specific error code for clarity Dr. David von Oheimb (21): apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc. APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname() APPS: Improve diagnostics for string options and options expecting int >= 0 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage TS ESS: Move four internal aux function to where they belong in crypto/ts CMS ESS: Move four internal aux function to where they belong in crypto/cms OCSP: Minor improvements of documentation and header file OSSL_STORE_expect(): Improve error handling and documentation APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc testutil/load.c: Add checks for file(name) == NULL HTTP client: Correct the use of optional proxy URL and its documentation test/certs/setup.sh: structural cleanup update test/certs/ee-pathlen.pem to contain SKID and AKID test/certs/setup.sh: Fix two glitches cleanup where purpose is not needed in 25-test_verify.t APPS: Slightly extend and improve documentation of the opt_ API APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro Deprecate X509{,_CRL}_http_nbio() and simplify their definition Dr. Matthias St. Pierre (12): Remove obsolete comment Configure/Makefile: fix the `-macopt` argument of the fipsinstall command Configure/Makefile: use the correct openssl app for FIPS installation Configure/Makefile: correct the FIPS module configuration file path Configure/Makefile: separate install of the FIPS module Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it Configure/Makefile: install the fips provider if it was configured build.info: add the Perl wrapper to build generator programs on Windows Configure: sort the disablables alphabetically Configure: disable fips mode by default README-FIPS: document the installation of the FIPS provider CHANGES: document the FIPS provider configuration and installation EasySec (2): change salt handling, way 1 try to document changes in salt handling for the 'enc' command Eric Curtin (1): Remove dated term and fixed typo anther FdaSilvaYY (1): ssl: fix possible ref counting fields use before init. Hubert Kario (2): add Changelog item for TLS1.3 FFDHE work man: s_server: fix text repetition in -alpn description Jon Spillett (2): Add testing for updated cipher IV Add library context and property query support into the PKCS12 API Kevin Cadieux (1): memleaktest with MSVC's AddressSanitizer Klaas van Schelven (1): Documentation fix for openssl-verify certificates Matt Caswell (15): Prepare for 3.0 alpha 16 Add a threading test for loading/unloading providers Properly protect access to the provider flag_activated field Store the list of activated providers in the libctx Defer Finished MAC handling until after state transition Test a Finished message at the wrong time results in unexpected message Adjust dtlstest for SHA1 security level Adjust sslapitest for SHA1 security level Adjust ssl_test_new for SHA1 security level Create libcrypto support for BIO_new_from_core_bio() Add a test for
[openssl] master update
The branch master has been updated via 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) via d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit) from aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) - Log - commit 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf Author: Matt Caswell Date: Thu May 6 13:15:11 2021 +0100 Prepare for 3.0 alpha 17 Reviewed-by: Tomas Mraz commit d0c041b13ad12c2c689313c607e2c001f3d5a1b7 Author: Matt Caswell Date: Thu May 6 13:15:03 2021 +0100 Prepare for release of 3.0 alpha 16 Reviewed-by: Tomas Mraz --- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index 2e16aa375b..b4b1faa05f 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha16-dev +PRE_RELEASE_TAG=alpha17-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3
[openssl] master update
The branch master has been updated via aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) from 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) - Log - commit aff636a4893e24bdc686a00a13ae6199dd38d6aa Author: Matt Caswell Date: Thu May 6 13:03:23 2021 +0100 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15181) --- Summary of changes: apps/asn1pars.c | 2 +- apps/engine.c | 2 +- apps/include/fmt.h | 2 +- apps/info.c | 2 +- apps/nseq.c | 2 +- apps/prime.c| 2 +- apps/progs.pl | 2 +- apps/sess_id.c | 2 +- apps/spkac.c| 2 +- apps/version.c | 2 +- crypto/bio/bio_local.h | 2 +- crypto/bn/bn_nist.c | 2 +- crypto/cpt_err.c| 2 +- crypto/evp/evp_cnf.c| 2 +- crypto/evp/evp_pbe.c| 2 +- crypto/pkcs12/p12_add.c | 2 +- crypto/pkcs12/p12_crpt.c| 2 +- crypto/pkcs12/p12_init.c| 2 +- crypto/pkcs12/p12_p8d.c | 2 +- crypto/pkcs12/p12_p8e.c | 2 +- crypto/pkcs12/p12_sbag.c| 2 +- crypto/rc2/rc2_skey.c | 2 +- crypto/x509/t_crl.c | 2 +- doc/man1/openssl-crl.pod.in | 2 +- doc/man1/openssl-dhparam.pod.in | 2 +- doc/man1/openssl-dsa.pod.in | 2 +- doc/man1/openssl-dsaparam.pod.in| 2 +- doc/man1/openssl-ecparam.pod.in | 2 +- doc/man1/openssl-format-options.pod | 2 +- doc/man1/openssl-rsa.pod.in | 2 +- doc/man1/openssl-smime.pod.in | 2 +- doc/man1/openssl-spkac.pod.in | 2 +- doc/man1/openssl-verify.pod.in | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_new.pod| 2 +- doc/man3/BIO_parse_hostserv.pod | 2 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_s_fd.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod| 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 2 +- doc/man3/EVP_PKEY_meth_new.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- doc/man3/OSSL_STORE_open.pod| 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/TS_VERIFY_CTX_set_certs.pod| 2 +- doc/man3/X509_get_version.pod | 2 +- doc/man7/openssl-core.h.pod | 2 +- include/openssl/conf.h.in | 2 +- include/openssl/e_os2.h | 2 +- include/openssl/hmac.h | 2 +- include/openssl/pkcs12.h.in | 2 +- include/openssl/safestack.h.in | 2 +- include/openssl/stack.h | 2 +- test/asn1_decode_test.c | 2 +- test/dtlstest.c | 2 +- test/ecstresstest.c | 2 +- test/errtest.c | 2 +- test/helpers/pkcs12.h | 2 +- test/memleaktest.c | 2 +- test/pkcs12_format_test.c | 2 +- test/recipes/04-test_bio_core.t | 2 +- test/recipes/15-test_gendh.t| 2 +- test/recipes/20-test_dgst.t | 2 +- test/recipes/25-test_crl.t | 2 +- test/recipes/30-test_evp_data/evpciph_aes_wrap.txt | 2 +- test/recipes/30-test_evp_data/evpciph_aria.txt | 2 +- test/recipes/30-test_evp_data/evpciph_camellia.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des3_common.txt | 2 +-
[openssl] master update
The branch master has been updated via 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) from d105a24c8987dde38595a2fa336057b141e5ddf3 (commit) - Log - commit 6269fedffb3856fc63414fcafb20a4c4c62c8f1a Author: Matt Caswell Date: Thu May 6 12:04:38 2021 +0100 Update the FIPS checksums Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15177) --- Summary of changes: providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index fc8d6362df..c3d4dd9292 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -182,7 +182,7 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c 9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c -a661a25d70af7eb79d1dd76ea1595c370c266307e20ee2e60074216672286a71 crypto/evp/mac_lib.c +0f5e0cd5c66712803a19774610f6bdfe572f5dda08c58cdf1b19d38a0693911c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c diff --git a/providers/fips.checksum b/providers/fips.checksum index e28929484f..913f8b0992 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums +f51d5228b36f7d4ef300ceddfb426e672b136c0b64706af027707830828fa442 providers/fips-sources.checksums
[openssl] master update
The branch master has been updated via d105a24c8987dde38595a2fa336057b141e5ddf3 (commit) via bee3f3890547cc7f349b69ef63665ebcc80d48ed (commit) via 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2 (commit) via 0b294f5647a21a8762871b18f0cbbf96ce8cc68d (commit) via d382e79632677f2457025be3d820e08d7ea12d85 (commit) from b86fa8c55682169c88e14e616170d6caeb208865 (commit) - Log - commit d105a24c8987dde38595a2fa336057b141e5ddf3 Author: Tomas Mraz Date: Mon May 3 14:40:06 2021 +0200 Add some tests for -inform/keyform enforcement Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit bee3f3890547cc7f349b69ef63665ebcc80d48ed Author: Tomas Mraz Date: Mon May 3 14:15:26 2021 +0200 Document the behavior of the -inform and related options Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2 Author: Tomas Mraz Date: Mon May 3 14:14:54 2021 +0200 provider-storemgmt: Document the input-type and properties parameters. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit 0b294f5647a21a8762871b18f0cbbf96ce8cc68d Author: Tomas Mraz Date: Mon May 3 08:45:52 2021 +0200 Update gost-engine to make it compatible with the added params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) commit d382e79632677f2457025be3d820e08d7ea12d85 Author: Tomas Mraz Date: Fri Apr 30 16:57:53 2021 +0200 Make the -inform option to be respected if possible Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) --- Summary of changes: CHANGES.md | 7 +++ apps/ca.c| 10 ++-- apps/cmp.c | 6 +-- apps/cms.c | 16 +++--- apps/crl.c | 6 +-- apps/dgst.c | 2 +- apps/dsa.c | 2 +- apps/dsaparam.c | 4 +- apps/ec.c| 2 +- apps/ecparam.c | 2 +- apps/gendsa.c| 2 +- apps/include/apps.h | 15 +++--- apps/lib/apps.c | 61 +++-- apps/lib/s_cb.c | 3 +- apps/ocsp.c | 12 ++--- apps/pkcs8.c | 9 ++-- apps/pkey.c | 2 +- apps/pkeyutl.c | 5 +- apps/req.c | 6 +-- apps/rsa.c | 4 +- apps/rsautl.c| 4 +- apps/s_client.c | 11 ++-- apps/s_server.c | 22 apps/smime.c | 9 ++-- apps/spkac.c | 2 +- apps/storeutl.c | 2 +- apps/verify.c| 2 +- apps/x509.c | 8 +-- crypto/pem/pem_pkey.c| 2 +- crypto/store/store_lib.c | 68 ++-- crypto/x509/by_store.c | 3 +- doc/man1/openssl-ca.pod.in | 19 +++ doc/man1/openssl-cmp.pod.in | 3 +- doc/man1/openssl-cms.pod.in | 6 +-- doc/man1/openssl-crl.pod.in | 13 ++--- doc/man1/openssl-dgst.pod.in | 6 +-- doc/man1/openssl-dsa.pod.in | 9 +++- doc/man1/openssl-dsaparam.pod.in | 9 +++- doc/man1/openssl-ec.pod.in | 5 +- doc/man1/openssl-ecparam.pod.in | 9 +++- doc/man1/openssl-format-options.pod | 10 ++-- doc/man1/openssl-pkey.pod.in | 3 +- doc/man1/openssl-pkeyutl.pod.in | 9 +--- doc/man1/openssl-req.pod.in | 9 ++-- doc/man1/openssl-rsa.pod.in | 3 +- doc/man1/openssl-rsautl.pod.in
FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! Build log ended with (last 100 lines): 70-test_sslcertstatus.t ok 70-test_sslextension.t . ok 70-test_sslmessages.t .. ok 70-test_sslrecords.t ... ok 70-test_sslsessiontick.t ... ok 70-test_sslsigalgs.t ... ok 70-test_sslsignature.t . ok 70-test_sslskewith0p.t . ok 70-test_sslversions.t .. ok 70-test_sslvertol.t ok 70-test_tls13alerts.t .. ok 70-test_tls13cookie.t .. ok 70-test_tls13downgrade.t ... ok 70-test_tls13hrr.t . ok 70-test_tls13kexmodes.t ok 70-test_tls13messages.t ok 70-test_tls13psk.t . ok 70-test_tlsextms.t . ok 70-test_verify_extra.t . ok 70-test_wpacket.t .. ok 71-test_ssl_ctx.t .. ok 80-test_ca.t ... ok 80-test_cipherbytes.t .. ok 80-test_cipherlist.t ... ok 80-test_ciphername.t ... ok # Killing mock server with pid=117415580-test_cmp_http.t . ok # 80-test_cms.t .. ok 80-test_cmsapi.t ... ok 80-test_ct.t ... ok 80-test_dane.t . ok 80-test_dtls.t . ok 80-test_dtls_mtu.t . ok 80-test_dtlsv1listen.t . ok 80-test_http.t . ok 80-test_ocsp.t . ok 80-test_pkcs12.t ... ok 80-test_ssl_new.t .. ok 80-test_ssl_old.t .. ok 80-test_ssl_test_ctx.t . ok 80-test_sslcorrupt.t ... ok 80-test_tsa.t .. ok 80-test_x509aux.t .. ok 81-test_cmp_cli.t
[openssl] master update
The branch master has been updated via b86fa8c55682169c88e14e616170d6caeb208865 (commit) via c4c8791e145a7cb2d59e73410505e36e4d57ff78 (commit) from a35536b52d91d02cbfeef22d1373a92252d19d62 (commit) - Log - commit b86fa8c55682169c88e14e616170d6caeb208865 Author: EasySec Date: Tue May 4 00:24:24 2021 +0200 try to document changes in salt handling for the 'enc' command Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4486) commit c4c8791e145a7cb2d59e73410505e36e4d57ff78 Author: EasySec Date: Sat Dec 30 16:19:47 2017 +0100 change salt handling, way 1 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4486) --- Summary of changes: apps/enc.c | 74 + doc/man1/openssl-enc.pod.in | 10 -- 2 files changed, 48 insertions(+), 36 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 4339ba4114..32ed08d943 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -429,14 +429,11 @@ int enc_main(int argc, char **argv) } if (cipher != NULL) { -/* - * Note that str is NULL if a key was passed on the command line, so - * we get no salt in that case. Is this a bug? - */ -if (str != NULL) { +if (str != NULL) { /* a passphrase is available */ /* - * Salt handling: if encrypting generate a salt and write to - * output BIO. If decrypting read salt from input BIO. + * Salt handling: if encrypting generate a salt if not supplied, + * and write to output BIO. If decrypting use salt from input BIO + * if not given with args */ unsigned char *sptr; size_t str_len = strlen(str); @@ -444,36 +441,47 @@ int enc_main(int argc, char **argv) if (nosalt) { sptr = NULL; } else { -if (enc) { -if (hsalt) { -if (!set_hex(hsalt, salt, sizeof(salt))) { -BIO_printf(bio_err, "invalid hex salt value\n"); +if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { +BIO_printf(bio_err, "invalid hex salt value\n"); +goto end; +} +if (enc) { /* encryption */ +if (hsalt == NULL) { +if (RAND_bytes(salt, sizeof(salt)) <= 0) { +BIO_printf(bio_err, "RAND_bytes failed\n"); +goto end; +} +/* + * If -P option then don't bother writing. + * If salt is given, shouldn't either ? + */ +if ((printkey != 2) +&& (BIO_write(wbio, magic, + sizeof(magic) - 1) != sizeof(magic) - 1 +|| BIO_write(wbio, + (char *)salt, + sizeof(salt)) != sizeof(salt))) { +BIO_printf(bio_err, "error writing output file\n"); goto end; } -} else if (RAND_bytes(salt, sizeof(salt)) <= 0) { -goto end; } -/* - * If -P option then don't bother writing - */ -if ((printkey != 2) -&& (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 -|| BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { -BIO_printf(bio_err, "error writing output file\n"); -goto end; +} else {/* decryption */ +if (hsalt == NULL) { +if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { +BIO_printf(bio_err, "error reading input file\n"); +goto end; +} +if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ +if (BIO_read(rbio, salt, + sizeof(salt)) != sizeof(salt)) { +BIO_printf(bio_err, "error reading input file\n"); +goto end; +} +
SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!