[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  3755dc294d2e24b741e235550d063850464467cb (commit)
  from  b64b8e39cfb5e89c0af8b9127a414cf529192846 (commit)


- Log -
commit 3755dc294d2e24b741e235550d063850464467cb
Author: Tomas Mraz 
Date:   Mon Jan 10 17:26:33 2022 +0100

pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17461)

(cherry picked from commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7)

---

Summary of changes:
 apps/pkeyutl.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 73012e3069..891f2280e3 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -464,23 +464,23 @@ int pkeyutl_main(int argc, char **argv)
 }
 goto end;
 }
-if (kdflen != 0) {
-buf_outlen = kdflen;
-rv = 1;
+if (rawin) {
+/* rawin allocates the buffer in do_raw_keyop() */
+rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
+  _out, (size_t *)_outlen);
 } else {
-if (rawin) {
-/* rawin allocates the buffer in do_raw_keyop() */
-rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
-  _out, (size_t *)_outlen);
+if (kdflen != 0) {
+buf_outlen = kdflen;
+rv = 1;
 } else {
 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)_outlen,
   buf_in, (size_t)buf_inlen);
-if (rv > 0 && buf_outlen != 0) {
-buf_out = app_malloc(buf_outlen, "buffer output");
-rv = do_keyop(ctx, pkey_op,
-  buf_out, (size_t *)_outlen,
-  buf_in, (size_t)buf_inlen);
-}
+}
+if (rv > 0 && buf_outlen != 0) {
+buf_out = app_malloc(buf_outlen, "buffer output");
+rv = do_keyop(ctx, pkey_op,
+  buf_out, (size_t *)_outlen,
+  buf_in, (size_t)buf_inlen);
 }
 }
 if (rv <= 0) {
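Review bot: `buf_outlen = kdflen;` feeds the -kdflen value straight into `app_malloc(buf_outlen, "buffer output")`, with only the `kdflen != 0` test in between. The parsing of -kdflen and the types of both variables are outside this hunk, so it is worth confirming that a negative or oversized value is rejected there; if it is not, a guard such as `if (kdflen < 0) goto end;` (with an error message) ahead of this block would stop a negative length from becoming a huge allocation request. The commit fixes a regression, yet its diffstat touches only apps/pkeyutl.c, so a -kdflen case in the pkeyutl test recipe would keep it from coming back. The identical hunk in the master update further down the page raises the same points.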


[openssl] master update

2022-01-11 Thread Dr . Paul Dale
The branch master has been updated
   via  b82fd89d8bae1445c89ec90d1a6145fe3216d2d7 (commit)
  from  f5e97b3702916e69873746108ac7c100a31d2241 (commit)


- Log -
commit b82fd89d8bae1445c89ec90d1a6145fe3216d2d7
Author: Tomas Mraz 
Date:   Mon Jan 10 17:26:33 2022 +0100

pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17461)

---

Summary of changes:
 apps/pkeyutl.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 9e18dfc0e9..01c4f064d2 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -463,23 +463,23 @@ int pkeyutl_main(int argc, char **argv)
 }
 goto end;
 }
-if (kdflen != 0) {
-buf_outlen = kdflen;
-rv = 1;
+if (rawin) {
+/* rawin allocates the buffer in do_raw_keyop() */
+rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
+  _out, (size_t *)_outlen);
 } else {
-if (rawin) {
-/* rawin allocates the buffer in do_raw_keyop() */
-rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0,
-  _out, (size_t *)_outlen);
+if (kdflen != 0) {
+buf_outlen = kdflen;
+rv = 1;
 } else {
 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)_outlen,
   buf_in, (size_t)buf_inlen);
-if (rv > 0 && buf_outlen != 0) {
-buf_out = app_malloc(buf_outlen, "buffer output");
-rv = do_keyop(ctx, pkey_op,
-  buf_out, (size_t *)_outlen,
-  buf_in, (size_t)buf_inlen);
-}
+}
+if (rv > 0 && buf_outlen != 0) {
+buf_out = app_malloc(buf_outlen, "buffer output");
+rv = do_keyop(ctx, pkey_op,
+  buf_out, (size_t *)_outlen,
+  buf_in, (size_t)buf_inlen);
 }
 }
 if (rv <= 0) {


[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  b64b8e39cfb5e89c0af8b9127a414cf529192846 (commit)
  from  56de678e426e619f01e70247fa669c45986aa205 (commit)


- Log -
commit b64b8e39cfb5e89c0af8b9127a414cf529192846
Author: Matt Caswell 
Date:   Mon Jan 10 14:46:46 2022 +

Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

---

Summary of changes:
 test/provfetchtest.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/test/provfetchtest.c b/test/provfetchtest.c
index 95ae87910e..aae9b40057 100644
--- a/test/provfetchtest.c
+++ b/test/provfetchtest.c
@@ -225,6 +225,7 @@ static int dummy_provider_init(const OSSL_CORE_HANDLE 
*handle,
  * Test 1: Encoder
  * Test 2: Store loader
  * Test 3: EVP_RAND
+ * Test 4-7: As above, but additionally with a query string
  */
 static int fetch_test(int tst)
 {
@@ -236,6 +237,7 @@ static int fetch_test(int tst)
 OSSL_STORE_LOADER *loader = NULL;
 int testresult = 0;
 unsigned char buf[32];
+int query = tst > 3;
 
 if (!TEST_ptr(libctx))
 goto err;
@@ -246,24 +248,29 @@ static int fetch_test(int tst)
 || !TEST_ptr(dummyprov = OSSL_PROVIDER_load(libctx, "dummy-prov")))
 goto err;
 
-switch(tst) {
+switch (tst % 4) {
 case 0:
-decoder = OSSL_DECODER_fetch(libctx, "DUMMY", NULL);
+decoder = OSSL_DECODER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(decoder))
 goto err;
 break;
 case 1:
-encoder = OSSL_ENCODER_fetch(libctx, "DUMMY", NULL);
+encoder = OSSL_ENCODER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(encoder))
 goto err;
 break;
 case 2:
-loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY", NULL);
+loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY",
+ query ? "provider=dummy" : NULL);
 if (!TEST_ptr(loader))
 goto err;
 break;
 case 3:
-if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY", NULL, NULL, NULL))
+if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY",
+  query ? "provider=dummy" : NULL,
+  NULL, NULL))
 || !TEST_int_ge(RAND_bytes_ex(libctx, buf, sizeof(buf), 0), 1))
 goto err;
 break;
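Review bot: The expression `query ? "provider=dummy" : NULL` is written out in all four cases of this switch; computing it once beside `query`, for example `const char *propq = tst > 3 ? "provider=dummy" : NULL;`, would keep the cases from drifting apart. The literals in `tst > 3`, `tst % 4` and the `8` passed to ADD_ALL_TESTS in the last hunk all encode the same count of four base cases. A named constant for that count would keep them consistent when a fifth case is added. fetch_test() starts and ends outside this hunk.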
@@ -284,7 +291,7 @@ static int fetch_test(int tst)
 
 int setup_tests(void)
 {
-ADD_ALL_TESTS(fetch_test, 4);
+ADD_ALL_TESTS(fetch_test, 8);
 
 return 1;
 }


[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  56de678e426e619f01e70247fa669c45986aa205 (commit)
  from  408ba1775a82bad57f2e1a4bb4078e4b82cef10b (commit)


- Log -
commit 56de678e426e619f01e70247fa669c45986aa205
Author: Matt Caswell 
Date:   Mon Jan 10 14:45:16 2022 +

Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

(cherry picked from commit cd1981a0dc165ab6af5e2945beaaa9efe4484cee)

---

Summary of changes:
 crypto/encode_decode/decoder_meth.c | 5 +++--
 crypto/encode_decode/encoder_meth.c | 5 +++--
 crypto/store/store_meth.c   | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/encode_decode/decoder_meth.c 
b/crypto/encode_decode/decoder_meth.c
index 6d44437314..25407b8999 100644
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -375,13 +375,14 @@ inner_ossl_decoder_fetch(struct decoder_data_st 
*methdata, int id,
 construct_decoder,
 destruct_decoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
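Review bot: `OSSL_PROVIDER *prov = NULL;` is passed to ossl_method_store_cache_set() in the next hunk without a check, although the commit message says that call must be given the provider. The argument lines of ossl_method_construct() look truncated in this archive copy, so how `prov` gets its value cannot be confirmed from the page. If, as the change suggests, the constructor fills it in on success, a comment on the declaration would record that dependency, e.g. `/* set by ossl_method_construct(); required by ossl_method_store_cache_set() */`. The same applies to the encoder_meth.c and store_meth.c hunks here and to the copies of this commit in the master update below. The function starts and ends outside the hunk.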
@@ -392,7 +393,7 @@ inner_ossl_decoder_fetch(struct decoder_data_st *methdata, 
int id,
 if (id == 0 && name != NULL)
 id = ossl_namemap_name2num(namemap, name);
 if (id != 0)
-ossl_method_store_cache_set(store, NULL, id, properties, 
method,
+ossl_method_store_cache_set(store, prov, id, properties, 
method,
 up_ref_decoder, free_decoder);
 }
 
diff --git a/crypto/encode_decode/encoder_meth.c 
b/crypto/encode_decode/encoder_meth.c
index 9c0214db6b..43eca755ac 100644
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -385,13 +385,14 @@ inner_ossl_encoder_fetch(struct encoder_data_st 
*methdata, int id,
 construct_encoder,
 destruct_encoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
@@ -401,7 +402,7 @@ inner_ossl_encoder_fetch(struct encoder_data_st *methdata, 
int id,
  */
 if (id == 0)
 id = ossl_namemap_name2num(namemap, name);
-ossl_method_store_cache_set(store, NULL, id, properties, method,
+ossl_method_store_cache_set(store, prov, id, properties, method,
 up_ref_encoder, free_encoder);
 }
 
diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c
index e79ec871fd..10b56bc685 100644
--- a/crypto/store/store_meth.c
+++ b/crypto/store/store_meth.c
@@ -317,13 +317,14 @@ inner_loader_fetch(struct loader_data_st *methdata, int 
id,
 construct_loader,
 destruct_loader
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->scheme_id = id;
 methdata->scheme = scheme;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that there
@@ -332,7 +333,7 @@ inner_loader_fetch(struct loader_data_st *methdata, int id,
  */
 if (id == 0)

[openssl] master update

2022-01-11 Thread Dr . Paul Dale
The branch master has been updated
   via  f5e97b3702916e69873746108ac7c100a31d2241 (commit)
   via  cd1981a0dc165ab6af5e2945beaaa9efe4484cee (commit)
  from  254217a4a0c9e64869495447a0e6bdc2323d4cd1 (commit)


- Log -
commit f5e97b3702916e69873746108ac7c100a31d2241
Author: Matt Caswell 
Date:   Mon Jan 10 14:46:46 2022 +

Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

commit cd1981a0dc165ab6af5e2945beaaa9efe4484cee
Author: Matt Caswell 
Date:   Mon Jan 10 14:45:16 2022 +

Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz 
Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17459)

---

Summary of changes:
 crypto/encode_decode/decoder_meth.c |  5 +++--
 crypto/encode_decode/encoder_meth.c |  5 +++--
 crypto/store/store_meth.c   |  5 +++--
 test/provfetchtest.c| 19 +--
 4 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/crypto/encode_decode/decoder_meth.c 
b/crypto/encode_decode/decoder_meth.c
index 6d44437314..25407b8999 100644
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -375,13 +375,14 @@ inner_ossl_decoder_fetch(struct decoder_data_st 
*methdata, int id,
 construct_decoder,
 destruct_decoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
@@ -392,7 +393,7 @@ inner_ossl_decoder_fetch(struct decoder_data_st *methdata, 
int id,
 if (id == 0 && name != NULL)
 id = ossl_namemap_name2num(namemap, name);
 if (id != 0)
-ossl_method_store_cache_set(store, NULL, id, properties, 
method,
+ossl_method_store_cache_set(store, prov, id, properties, 
method,
 up_ref_decoder, free_decoder);
 }
 
diff --git a/crypto/encode_decode/encoder_meth.c 
b/crypto/encode_decode/encoder_meth.c
index 9c0214db6b..43eca755ac 100644
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -385,13 +385,14 @@ inner_ossl_encoder_fetch(struct encoder_data_st 
*methdata, int id,
 construct_encoder,
 destruct_encoder
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->id = id;
 methdata->names = name;
 methdata->propquery = properties;
 methdata->flag_construct_error_occurred = 0;
 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER,
-NULL, 0 /* !force_cache */,
+, 0 /* !force_cache */,
 , methdata)) != NULL) {
 /*
  * If construction did create a method for us, we know that
@@ -401,7 +402,7 @@ inner_ossl_encoder_fetch(struct encoder_data_st *methdata, 
int id,
  */
 if (id == 0)
 id = ossl_namemap_name2num(namemap, name);
-ossl_method_store_cache_set(store, NULL, id, properties, method,
+ossl_method_store_cache_set(store, prov, id, properties, method,
 up_ref_encoder, free_encoder);
 }
 
diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c
index e79ec871fd..10b56bc685 100644
--- a/crypto/store/store_meth.c
+++ b/crypto/store/store_meth.c
@@ -317,13 +317,14 @@ inner_loader_fetch(struct loader_data_st *methdata, int 
id,
 construct_loader,
 destruct_loader
 };
+OSSL_PROVIDER *prov = NULL;
 
 methdata->scheme_id = id;
 methdata->scheme = scheme;
 

[openssl] openssl-3.0 update

2022-01-11 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  408ba1775a82bad57f2e1a4bb4078e4b82cef10b (commit)
  from  576cc3ecb34a8909bf549798430de95fc0fb4042 (commit)


- Log -
commit 408ba1775a82bad57f2e1a4bb4078e4b82cef10b
Author: Matt Caswell 
Date:   Fri Jan 7 17:30:39 2022 +

Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17445)

(cherry picked from commit 254217a4a0c9e64869495447a0e6bdc2323d4cd1)

---

Summary of changes:
 doc/man3/EVP_PKEY_gettable_params.pod | 9 +
 1 file changed, 9 insertions(+)

diff --git a/doc/man3/EVP_PKEY_gettable_params.pod 
b/doc/man3/EVP_PKEY_gettable_params.pod
index 23ac4bd8b0..29b8ec822b 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -37,6 +37,15 @@ EVP_PKEY_gettable_params() returns a constant list of 
I indicating
 the names and types of key parameters that can be retrieved.
 See L for information about parameters.
 
+An B of type B or
+B is of arbitrary length. Such a parameter can be
+obtained using any of the functions EVP_PKEY_get_int_param(),
+EVP_PKEY_get_size_t_param() or EVP_PKEY_get_bn_param(). Attempting to
+obtain an integer value that does not fit into a native C B type will 
cause
+EVP_PKEY_get_int_param() to fail. Similarly attempting to obtain an integer
+value that is negative or does not fit into a native C B type using
+EVP_PKEY_get_size_t_param() will also fail.
+
 EVP_PKEY_get_int_param() retrieves a key I integer value I<*out>
 associated with a name of I.
 


[openssl] master update

2022-01-11 Thread Dr . Paul Dale
The branch master has been updated
   via  254217a4a0c9e64869495447a0e6bdc2323d4cd1 (commit)
  from  e5fb4b1469f317aa92768cdf804dfa29b72cb8f3 (commit)


- Log -
commit 254217a4a0c9e64869495447a0e6bdc2323d4cd1
Author: Matt Caswell 
Date:   Fri Jan 7 17:30:39 2022 +

Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17445)

---

Summary of changes:
 doc/man3/EVP_PKEY_gettable_params.pod | 9 +
 1 file changed, 9 insertions(+)

diff --git a/doc/man3/EVP_PKEY_gettable_params.pod 
b/doc/man3/EVP_PKEY_gettable_params.pod
index a3ccf8ec5f..383ca6eb58 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -37,6 +37,15 @@ EVP_PKEY_gettable_params() returns a constant list of 
I indicating
 the names and types of key parameters that can be retrieved.
 See L for information about parameters.
 
+An B of type B or
+B is of arbitrary length. Such a parameter can be
+obtained using any of the functions EVP_PKEY_get_int_param(),
+EVP_PKEY_get_size_t_param() or EVP_PKEY_get_bn_param(). Attempting to
+obtain an integer value that does not fit into a native C B type will 
cause
+EVP_PKEY_get_int_param() to fail. Similarly attempting to obtain an integer
+value that is negative or does not fit into a native C B type using
+EVP_PKEY_get_size_t_param() will also fail.
+
 EVP_PKEY_get_int_param() retrieves a key I integer value I<*out>
 associated with a name of I.
 


[openssl] master update

2022-01-11 Thread beldmit
The branch master has been updated
   via  e5fb4b1469f317aa92768cdf804dfa29b72cb8f3 (commit)
  from  2c2724476ef50b8926b033f009bdfc85ac3f1816 (commit)


- Log -
commit e5fb4b1469f317aa92768cdf804dfa29b72cb8f3
Author: Dmitry Belyavskiy 
Date:   Sun Jan 9 17:39:41 2022 +0100

Don't run TLSFuzzer tests when it is not properly set

Reviewed-by: Bernd Edlinger 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17448)

---

Summary of changes:
 test/recipes/95-test_external_tlsfuzzer.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/recipes/95-test_external_tlsfuzzer.t 
b/test/recipes/95-test_external_tlsfuzzer.t
index e506f8007a..265968e02d 100644
--- a/test/recipes/95-test_external_tlsfuzzer.t
+++ b/test/recipes/95-test_external_tlsfuzzer.t
@@ -18,8 +18,8 @@ plan skip_all => "No external tests in this configuration"
 if disabled("external-tests");
 plan skip_all => "TLSFuzzer tests not available on Windows or VMS"
 if $^O =~ /^(VMS|MSWin32)$/;
-plan skip_all => "TLSFuzzer tests not supported in out of tree builds"
-if bldtop_dir() ne srctop_dir();
+plan skip_all => "TLSFuzzer is not properly checked out"
+unless (-d srctop_dir("tlsfuzzer") && -d srctop_dir("tlsfuzzer", "tests"));
 
 $ENV{TESTDATADIR} = abs_path(data_dir());
 plan tests => 1;
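Review bot: With this change a missing or partial tlsfuzzer checkout produces `plan skip_all` rather than a failure, so a configuration that enables external-tests in order to run TLSFuzzer can report success without having run it. A comment above the new condition saying that the skip is deliberate, plus a check for skipped tests in any CI job that depends on this recipe, would make that visible. The first `-d srctop_dir("tlsfuzzer")` test is also implied by the second, so `unless -d srctop_dir("tlsfuzzer", "tests");` would be equivalent. Whether the recipe now works in out-of-tree builds, which the removed check excluded, cannot be judged from the hunk.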


[openssl] master update

2022-01-11 Thread dev
The branch master has been updated
   via  2c2724476ef50b8926b033f009bdfc85ac3f1816 (commit)
   via  870871e5df4f47611c38e81d3f50e38cbf362082 (commit)
  from  7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac (commit)


- Log -
commit 2c2724476ef50b8926b033f009bdfc85ac3f1816
Author: Dr. David von Oheimb 
Date:   Tue Aug 24 12:03:12 2021 +0200

APPS: Add check for multiple 'unknown' options

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/16416)

commit 870871e5df4f47611c38e81d3f50e38cbf362082
Author: Dr. David von Oheimb 
Date:   Tue Aug 24 12:27:12 2021 +0200

PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name

Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/16416)

---

Summary of changes:
 apps/cms.c   |  1 +
 apps/crl.c   |  1 +
 apps/dgst.c  |  1 +
 apps/dsa.c   |  1 +
 apps/ec.c|  1 +
 apps/enc.c   |  1 +
 apps/gendsa.c|  1 +
 apps/genpkey.c   |  1 +
 apps/genrsa.c|  1 +
 apps/include/opt.h   |  2 ++
 apps/lib/opt.c   | 19 ++-
 apps/ocsp.c  |  9 +++--
 apps/pkcs12.c| 12 ++--
 apps/pkey.c  |  1 +
 apps/req.c   |  1 +
 apps/rsa.c   |  1 +
 apps/smime.c |  1 +
 apps/storeutl.c  |  4 +++-
 apps/ts.c|  1 +
 apps/x509.c  |  2 +-
 doc/man1/openssl-ocsp.pod.in | 11 ++-
 21 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index b49d1e3a68..575f8b3625 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -314,6 +314,7 @@ int cms_main(int argc, char **argv)
 if (encerts == NULL || vpm == NULL)
 goto end;
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, cms_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
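Review bot: `opt_set_unknown_name("cipher");` is added ahead of opt_init() without a comment, and the same one-line call recurs in the crl.c, dgst.c, dsa.c, ec.c, enc.c, gendsa.c and genpkey.c hunks below. The helper's definition (apps/lib/opt.c in the diffstat) is not in the visible part of this page, so its effect is inferred here from the commit title. If it records the name in option-parser state that opt_init() or opt_next() later reads, the ordering is load-bearing and deserves a short comment at the call, e.g. `/* label for the single unknown option this app accepts; must precede opt_init() */`. It is also worth checking that every app which accepts an unknown option makes this call, since one that omits it might see a name set by an earlier command in the same process.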
diff --git a/apps/crl.c b/apps/crl.c
index 8d353ff2af..c8f0981ee7 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -98,6 +98,7 @@ int crl_main(int argc, char **argv)
 int hash_old = 0;
 #endif
 
+opt_set_unknown_name("digest");
 prog = opt_init(argc, argv, crl_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/dgst.c b/apps/dgst.c
index e75dd72521..18ba3d41c5 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -115,6 +115,7 @@ int dgst_main(int argc, char **argv)
 buf = app_malloc(BUFSIZE, "I/O buffer");
 md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
 
+opt_set_unknown_name("digest");
 prog = opt_init(argc, argv, dgst_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/dsa.c b/apps/dsa.c
index 9605ed81e7..fae277b8a2 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -92,6 +92,7 @@ int dsa_main(int argc, char **argv)
 int selection = 0;
 OSSL_ENCODER_CTX *ectx = NULL;
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, dsa_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/ec.c b/apps/ec.c
index 4573300a5e..2c350ff0b4 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -80,6 +80,7 @@ int ec_main(int argc, char **argv)
 char *point_format = NULL;
 int no_public = 0;
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, ec_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/enc.c b/apps/enc.c
index e71453c3c4..b14129d9b0 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -143,6 +143,7 @@ int enc_main(int argc, char **argv)
 else if (strcmp(argv[0], "enc") != 0)
 ciphername = argv[0];
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, enc_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index b9bc2f502b..c4070c9e1a 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -62,6 +62,7 @@ int gendsa_main(int argc, char **argv)
 OPTION_CHOICE o;
 int ret = 1, private = 0, verbose = 0, nbits;
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, gendsa_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 7f70a6baa2..f4c8f92c34 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -74,6 +74,7 @@ int genpkey_main(int argc, char **argv)
 OSSL_LIB_CTX *libctx = app_get0_libctx();
 STACK_OF(OPENSSL_STRING) *keyopt = NULL;
 
+opt_set_unknown_name("cipher");
 prog = opt_init(argc, argv, genpkey_options);
 keyopt = sk_OPENSSL_STRING_new_null();
 if (keyopt == NULL)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 

[openssl] master update

2022-01-11 Thread Matt Caswell
The branch master has been updated
   via  7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac (commit)
  from  fbbe7202eba9fba243c18513f4f0316dafb3496d (commit)


- Log -
commit 7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac
Author: Matt Caswell 
Date:   Thu Dec 23 13:59:12 2021 +

Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.

Fixes #17059

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17345)

---

Summary of changes:
 crypto/build.info|  4 ++--
 test/build.info  |  8 
 test/endecode_test.c | 14 ++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/crypto/build.info b/crypto/build.info
index efca6cc105..8c7a3a9c22 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -74,8 +74,8 @@ DEFINE[../providers/libfips.a]=$CPUIDDEF
 # already gets everything that the static libcrypto.a has, and doesn't need it
 # added again.
 IF[{- !$disabled{module} && !$disabled{shared} -}]
-  SOURCE[../providers/liblegacy.a]=$CPUID_COMMON
-  DEFINE[../providers/liblegacy.a]=$CPUIDDEF
+  SOURCE[../providers/legacy]=$CPUID_COMMON
+  DEFINE[../providers/legacy]=$CPUIDDEF
 ENDIF
 
 # Implementations are now spread across several libraries, so the CPUID define
diff --git a/test/build.info b/test/build.info
index ec4bd8d5db..188b850beb 100644
--- a/test/build.info
+++ b/test/build.info
@@ -867,6 +867,14 @@ IF[{- !$disabled{tests} -}]
   SOURCE[endecode_test]=endecode_test.c helpers/predefined_dhparams.c
   INCLUDE[endecode_test]=.. ../include ../apps/include
   DEPEND[endecode_test]=../libcrypto.a libtestutil.a
+  IF[{- !$disabled{module} && !$disabled{legacy} -}]
+DEFINE[endecode_test]=STATIC_LEGACY
+SOURCE[endecode_test]=../providers/legacyprov.c
+INCLUDE[endecode_test]=../providers/common/include \
+   ../providers/implementations/include
+DEPEND[endecode_test]=../providers/liblegacy.a \
+  ../providers/libcommon.a
+  ENDIF
 
   IF[{- !$disabled{'deprecated-3.0'} -}]
 PROGRAMS{noinst}=endecoder_legacy_test
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 1698867b40..0c33dff0ee 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -26,6 +26,10 @@
 #include "helpers/predefined_dhparams.h"
 #include "testutil.h"
 
+#ifdef STATIC_LEGACY
+OSSL_provider_init_fn ossl_legacy_provider_init;
+#endif
+
 /* Extended test macros to allow passing file & line number */
 #define TEST_FL_ptr(a)   test_ptr(file, line, #a, a)
 #define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, 
n)
@@ -1305,6 +1309,16 @@ int setup_tests(void)
 return 0;
 }
 
+#ifdef STATIC_LEGACY
+/*
+ * This test is always statically linked against libcrypto. We must not
+ * attempt to load legacy.so that might be dynamically linked against
+ * libcrypto. Instead we use a built-in version of the legacy provider.
+ */
+if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", 
ossl_legacy_provider_init))
+return 0;
+#endif
+
 /* Separate provider/ctx for generating the test data */
 if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
 return 0;
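Review bot: The result of `OSSL_PROVIDER_add_builtin()` is tested with a bare `if (!...)`, so a failure makes setup_tests() return 0 without any diagnostic, whereas the statement right after it uses `TEST_ptr(...)`. Writing it as `if (!TEST_true(OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)))` would report the failing expression like the neighbouring checks do. setup_tests() begins and ends outside this hunk.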