[openssl] master update
The branch master has been updated via 3f15358c7974573c12b94b01cb53d23e3c568310 (commit) from 6ef8d2c69b3f0371d44d120bde41de25c4040a75 (commit) - Log - commit 3f15358c7974573c12b94b01cb53d23e3c568310 Author: Tomas Mraz Date: Wed Aug 4 19:27:48 2021 +0200 X509_STORE_CTX_get_error: Fix some minor documentation issues Original PR by Eric Valcik (https://github.com/openssl/openssl/pull/12302) Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16219) --- Summary of changes: doc/man3/X509_STORE_CTX_get_error.pod | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 023025afca..04005f3ecd 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -142,7 +142,7 @@ The signature of the certificate is invalid. =item B -The signature of the certificate is invalid. +The signature of the CRL is invalid. =item B @@ -250,7 +250,6 @@ authority and subject key identifier mismatch> The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. -Not used as of OpenSSL 1.1.0. =item B @@ -258,14 +257,12 @@ authority and issuer serial number mismatch> The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. -Not used as of OpenSSL 1.1.0. =item B The current candidate issuer certificate was rejected because its C extension does not permit certificate signing. -Not used as of OpenSSL 1.1.0. =item B 
@@ -435,11 +432,11 @@ Returned by the verify callback to indicate OCSP verification failed. Returned by the verify callback to indicate that the certificate is not recognized by the OCSP responder. -=item B<509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key> +=item B The issuer certificate does not have a public key. -=item B +=item B The issuer's public key is not of the type required by the signature in the subject's certificate.
[openssl] master update
The branch master has been updated via 6ef8d2c69b3f0371d44d120bde41de25c4040a75 (commit) from 37578dc02df99011c2a4c57ac06c49bd40829dc9 (commit) - Log - commit 6ef8d2c69b3f0371d44d120bde41de25c4040a75 Author: Kelvin Lee Date: Thu Sep 10 15:58:13 2020 +1000 Fix VS2019 compile error C4703: potentially uninitialized local pointer variable used. encode_key2text.c(689): error C4703: potentially uninitialized local pointer variable 'modulus_label' used encode_key2text.c(691): error C4703: potentially uninitialized local pointer variable 'exponent_label' used CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12845) --- Summary of changes: providers/implementations/encode_decode/encode_key2text.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index a1fc7ab498..f8f9712e96 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -633,8 +633,8 @@ static int rsa_to_text(BIO *out, const void *key, int selection) { const RSA *rsa = key; const char *type_label = "RSA key"; -const char *modulus_label; -const char *exponent_label; +const char *modulus_label = NULL; +const char *exponent_label = NULL; const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; STACK_OF(BIGNUM_const) *factors = NULL; STACK_OF(BIGNUM_const) *exps = NULL;
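Review bot: Initialising `modulus_label` and `exponent_label` to NULL silences C4703, but any path that assigns neither label now passes NULL to the uses the compiler flagged at encode_key2text.c lines 689 and 691, which are outside this hunk. Whether such a path exists depends on how `selection` is handled further down in rsa_to_text, which is not visible here, so it should be confirmed. If it can happen, an explicit check before the first use, such as `if (modulus_label == NULL || exponent_label == NULL) return 0;` (assuming 0 is this function's failure value), is clearer than relying on the callee to tolerate a NULL label.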
[openssl] master update
The branch master has been updated via 37578dc02df99011c2a4c57ac06c49bd40829dc9 (commit) via f5c0f696193fa28741dfc08ab6b024cd07e38e5e (commit) from 204323446e11d7062dc193e5e3986295925bd7b7 (commit) - Log - commit 37578dc02df99011c2a4c57ac06c49bd40829dc9 Author: Tomas Mraz Date: Wed Aug 4 14:55:30 2021 +0200 cms: Fix handling of -rctform option Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16216) commit f5c0f696193fa28741dfc08ab6b024cd07e38e5e Author: Tomas Mraz Date: Wed Aug 4 14:51:49 2021 +0200 cms: Do not try to check binary format on stdin Fixes #16195 Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16216) --- Summary of changes: apps/cms.c | 14 ++ 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index 58ce54e454..c22027e3b1 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -278,6 +278,8 @@ static void warn_binary(const char *file) unsigned char linebuf[1024], *cur, *end; int len; +if (file == NULL) +return; /* cannot give a warning for stdin input */ if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL) return; /* cannot give a proper warning since there is an error */ while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) { @@ -482,13 +484,9 @@ int cms_main(int argc, char **argv) rr_allorfirst = 1; break; case OPT_RCTFORM: -if (rctformat == FORMAT_ASN1) { -if (!opt_format(opt_arg(), -OPT_FMT_PEMDER | OPT_FMT_SMIME, )) -goto opthelp; -} else { -rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); -} +if (!opt_format(opt_arg(), +OPT_FMT_PEMDER | OPT_FMT_SMIME, )) +goto opthelp; break; case OPT_CERTFILE: certfile = opt_arg(); @@ -954,7 +952,7 @@ int cms_main(int argc, char **argv) goto end; } -rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); +rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt"); if (rcms == NULL) goto end; }
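Review bot: The new early return in warn_binary silently skips the binary-content warning when input comes from stdin, and the comment `/* cannot give a warning for stdin input */` does not say why. A fuller comment would help the next reader, for example `/* stdin cannot be re-read: scanning it here would consume the content the CMS operation needs */`. That rationale is inferred from the function opening and reading the file itself in the following lines, so adjust the wording if the real reason differs. The function body continues past the end of the hunk.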
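Review bot: No regression test accompanies the `case OPT_RCTFORM:` fix; the summary of changes lists only apps/cms.c. The removed branch parsed the option argument only while `rctformat` was still `FORMAT_ASN1` and otherwise called `load_content_info` in the middle of option parsing, which suggests the option was not exercised by the existing recipes. A test that runs `openssl cms -verify_receipt` with an explicit `-rctform` value would keep this path from regressing. cms_main starts and ends outside the hunk.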
[openssl] master update
The branch master has been updated via 204323446e11d7062dc193e5e3986295925bd7b7 (commit) from 3d4ca443b4778e3230ff23f17625f58f815a9142 (commit) - Log - commit 204323446e11d7062dc193e5e3986295925bd7b7 Author: Tomas Mraz Date: Wed Aug 4 11:36:24 2021 +0200 req: Avoid segfault when -modulus is used Fixes #16196 Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16215) --- Summary of changes: apps/req.c | 4 ++-- test/recipes/25-test_req.t | 7 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/apps/req.c b/apps/req.c index 5524092f2c..a0ecda8225 100644 --- a/apps/req.c +++ b/apps/req.c @@ -996,8 +996,8 @@ int req_main(int argc, char **argv) if (EVP_PKEY_is_a(tpubkey, "RSA")) { BIGNUM *n = NULL; -/* Every RSA key has an 'n' */ -EVP_PKEY_get_bn_param(pkey, "n", ); +if (!EVP_PKEY_get_bn_param(tpubkey, "n", )) +goto end; BN_print(out, n); BN_free(n); } else { diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 084d70bca5..a405810ae2 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -78,7 +78,7 @@ subtest "generating alt certificate requests with RSA" => sub { subtest "generating certificate requests with RSA" => sub { -plan tests => 7; +plan tests => 8; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 @@ -103,6 +103,11 @@ subtest "generating certificate requests with RSA" => sub { "-verify", "-in", "testreq-rsa.pem", "-noout"])), "Verifying signature on request"); +ok(run(app(["openssl", "req", +"-config", srctop_file("test", "test.cnf"), +"-modulus", "-in", "testreq-rsa.pem", "-noout"])), + "Printing a modulus of the request key"); + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
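Review bot: When `EVP_PKEY_get_bn_param` fails, the new code jumps to `end` without printing anything, so a user of `-modulus` sees a failure with no explanation unless the cleanup at `end` happens to dump the error queue. Bracing the branch and adding `BIO_printf(bio_err, "Error getting RSA modulus\n");` ahead of `goto end;` would make the failure visible. Whether `ret` still holds its failure value at this point in req_main is not visible in the hunk and should be checked, otherwise this path could exit with success. The return value of `BN_print(out, n)` on the next line is still ignored.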
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5b31b9df7f89d2c2cb935c5e50a912cd048c07c9 (commit) from ba4c89a9700ff07cecde90248707056292bf36d1 (commit) - Log - commit 5b31b9df7f89d2c2cb935c5e50a912cd048c07c9 Author: Billy Brumley Date: Wed Aug 4 10:45:52 2021 +0300 [doc/man3] documentation: BN_cmp manpage updates Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16214) (cherry picked from commit 3d4ca443b4778e3230ff23f17625f58f815a9142) --- Summary of changes: doc/man3/BN_cmp.pod | 41 +++-- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod index 95d162ff29..261619c512 100644 --- a/doc/man3/BN_cmp.pod +++ b/doc/man3/BN_cmp.pod 
@@ -2,42 +2,47 @@ =head1 NAME -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions =head1 SYNOPSIS #include - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); + int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); + int BN_is_zero(const BIGNUM *a); + int BN_is_one(const BIGNUM *a); + int BN_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_is_odd(const BIGNUM *a); =head1 DESCRIPTION -BN_cmp() compares the numbers B and B. BN_ucmp() compares their +BN_cmp() compares the numbers I and I. BN_ucmp() compares their absolute values. -BN_is_zero(), BN_is_one() and BN_is_word() test if B equals 0, 1, -or B respectively. BN_is_odd() tests if a is odd. - -BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. +BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if +I equals 0, 1, I, or EIE respectively. +BN_is_odd() tests if I is odd. =head1 RETURN VALUES -BN_cmp() returns -1 if B E B, 0 if B == B and 1 if -B E B. BN_ucmp() is the same using the absolute values -of B and B. +BN_cmp() returns -1 if I E I, 0 if I == I and 1 if +I E I. BN_ucmp() is the same using the absolute values +of I and I. + +BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and +BN_is_odd() return 1 if the condition is true, 0 otherwise. + +=head1 HISTORY -BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if -the condition is true, 0 otherwise. +Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), +BN_abs_is_word() and BN_is_odd() were macros. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
[openssl] master update
The branch master has been updated via 3d4ca443b4778e3230ff23f17625f58f815a9142 (commit) from 46d51520319b8e4220b203c517b1232cf33a579f (commit) - Log - commit 3d4ca443b4778e3230ff23f17625f58f815a9142 Author: Billy Brumley Date: Wed Aug 4 10:45:52 2021 +0300 [doc/man3] documentation: BN_cmp manpage updates Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16214) --- Summary of changes: doc/man3/BN_cmp.pod | 41 +++-- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod index da4e1fe8b8..f302818f21 100644 --- a/doc/man3/BN_cmp.pod +++ b/doc/man3/BN_cmp.pod 
@@ -2,42 +2,47 @@ =head1 NAME -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions =head1 SYNOPSIS #include - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); + int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); + int BN_is_zero(const BIGNUM *a); + int BN_is_one(const BIGNUM *a); + int BN_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_is_odd(const BIGNUM *a); =head1 DESCRIPTION -BN_cmp() compares the numbers B and B. BN_ucmp() compares their +BN_cmp() compares the numbers I and I. BN_ucmp() compares their absolute values. -BN_is_zero(), BN_is_one() and BN_is_word() test if B equals 0, 1, -or B respectively. BN_is_odd() tests if a is odd. - -BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. +BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if +I equals 0, 1, I, or EIE respectively. +BN_is_odd() tests if I is odd. =head1 RETURN VALUES -BN_cmp() returns -1 if B E B, 0 if B == B and 1 if -B E B. BN_ucmp() is the same using the absolute values -of B and B. +BN_cmp() returns -1 if I E I, 0 if I == I and 1 if +I E I. BN_ucmp() is the same using the absolute values +of I and I. + +BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and +BN_is_odd() return 1 if the condition is true, 0 otherwise. + +=head1 HISTORY -BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if -the condition is true, 0 otherwise. +Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), +BN_abs_is_word() and BN_is_odd() were macros. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. 
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
[openssl] master update
The branch master has been updated via 46d51520319b8e4220b203c517b1232cf33a579f (commit) via 5cdeb99f9c8ab0ee5a4b17c677fc054f5acc0b2c (commit) from d209fc6cce47be332ca10dbef1ada8077a22fb38 (commit) - Log - commit 46d51520319b8e4220b203c517b1232cf33a579f Author: Pauli Date: Thu Aug 5 09:25:56 2021 +1000 test: add -macopt hexkey: to dgst command tests Comparison checksum generated using 1.1.1f. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16212) commit 5cdeb99f9c8ab0ee5a4b17c677fc054f5acc0b2c Author: Pauli Date: Wed Aug 4 13:30:44 2021 +1000 ctrls: add missing control string translation for key -> priv for HMAC Fixes #16200 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16212) --- Summary of changes: crypto/evp/ctrl_params_translate.c | 2 +- test/recipes/20-test_dgst.t| 17 - 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 4ea17380af..a441c1f4b7 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -2221,7 +2221,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = { EVP_PKEY_CTRL_CIPHER, NULL, NULL, OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, { SET, -1, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, NULL, NULL, + EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index d64d810edd..5af74aec2a 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -17,7 +17,7 @@ use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 8; +plan tests => 9; sub tsignverify { my $testtext = shift; 
@@ -131,6 +131,21 @@ subtest "HMAC generation with `dgst` CLI, default digest" => sub { "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); }; +subtest "HMAC generation with `dgst` CLI, key via option" => sub { +plan tests => 2; + +my $testdata = srctop_file('test', 'data.bin'); +#HMAC the data twice to check consistency +my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', +'-macopt', 'hexkey:', +$testdata, $testdata]), capture => 1); +chomp(@hmacdata); +my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/; +ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)"); +ok($hmacdata[1] =~ $expected, + "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); +}; + subtest "Custom length XOF digest generation with `dgst` CLI" => sub { plan tests => 2;
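Review bot: The new subtest exercises only the `hexkey:` form of `-macopt`, while the table entry added to crypto/evp/ctrl_params_translate.c in the same push registers both `"key"` and `"hexkey"` for `EVP_PKEY_CTRL_SET_MAC_KEY`. A second run using `-macopt key:...` with a key that can be written in both forms, checked against the same expected digest, would cover the string translation as well. The subtest would then need `plan tests => 2;` raised to match.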
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DovSu_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF-2B9AORebFkYJRCqpwsmML4glCuU8dMQ0xS07gRuQ2X-2Ftk89JUKkKLzNw-2FbDLYtMwKTEuwY0p7U9wtOXXF9mNNsiKmq4I2ve9s1clsrBau30vWSk8xvmb68KZPoyhjULcW27jO2smJelGdmVbaL4fiPv8wF-2BdAsDeVT7t74GIlvSnA3sN8U2l25BRnvtg9bIWs-3D Build ID: 400830 Analysis Summary: New defects found: 0 Defects eliminated: 0
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DkTQX_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGq-2FGL0MNcTrH-2BvkgKizJvE1BvRZCHgWZrpvBgkc00Qi0zoIQeQZXq-2FdZD-2FdH5D-2BfgPjMFfA7ZqDlnRI7hgKJ2HtoacVzHNsEG3VaPwAxT6TaA-2B3-2Bk2vjJQZ7AFzASd77y0wFb3NiVukBlBVVxPryJaNdJS74sQkTxRCIq385fGJkPMIsSs5ujbVzNTubPizpg-3D Build ID: 400829 Analysis Summary: New defects found: 0 Defects eliminated: 0