From openssl at openssl.org Mon Apr 1 01:38:45 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Apr 2019 01:38:45 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1554082725.956196.4846.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: cad8347be2 fixed public range check in ec_GF2m_simple_oct2point 863360fbc5 Implement the param types that aren't explicitly lengthened (e.g. int) in terms of those that are (e.g. int32_t). f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst 875c9a9a34 Fix a memleak in apps/verify 7eba43e837 Add documents for SM2 cert verification 317ba78fe1 Add test cases for SM2 cert verification 3a8269b319 trace: rename the default trace category from 'ANY' to 'ALL' 02bd2d7f5c trace: apps/openssl: print the correct category name 6a411436a5 trace: fix out-of-bound memory access 0fda9f7c29 trace: don't pretend success if it's not enabled 2e6b615f79 s390x assembly pack: import poly from cryptogams repo 558ea84743 Remove heartbeats completely d88736df4d Windows, VMS: build fixes 72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems with padding bytes. 6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset. 79bc34185f Correctly zero the DISPLAY_COLUMNS structure. 80de174281 Make the array zeroing explicit using memset. 2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call. The initialisation was also flawed, failing to account for padding and alignment bytes. 64a45882c7 Ensure that the struct msghdr is properly zeroed. c75f80a468 openssl dgst: show MD name at all times - CHANGES entry 7ed4b97b61 openssl dgst: show MD name at all times 678d2681b2 Clear seed source structures. 9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE. Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). 3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount(). Replace it with InitializeCriticalSection() 88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd(). This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing. Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. 291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules. 952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used. 711a161f03 Fix broken change from b3d113e. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1272, 145 wallclock secs ( 1.79 usr 0.37 sys + 127.66 cusr 10.35 csys = 140.17 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Apr 1 04:02:58 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Apr 2019 04:02:58 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-heartbeats Message-ID: <1554091378.910550.3863.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-heartbeats Commit log since last time: cad8347be2 fixed public range check in ec_GF2m_simple_oct2point 863360fbc5 Implement the param types that aren't explicitly lengthened (e.g. int) in terms of those that are (e.g. int32_t). f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst 875c9a9a34 Fix a memleak in apps/verify 7eba43e837 Add documents for SM2 cert verification 317ba78fe1 Add test cases for SM2 cert verification 3a8269b319 trace: rename the default trace category from 'ANY' to 'ALL' 02bd2d7f5c trace: apps/openssl: print the correct category name 6a411436a5 trace: fix out-of-bound memory access 0fda9f7c29 trace: don't pretend success if it's not enabled 2e6b615f79 s390x assembly pack: import poly from cryptogams repo 558ea84743 Remove heartbeats completely d88736df4d Windows, VMS: build fixes 72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems with padding bytes. 6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset. 79bc34185f Correctly zero the DISPLAY_COLUMNS structure. 80de174281 Make the array zeroing explicit using memset. 2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call. The initialisation was also flawed, failing to account for padding and alignment bytes. 64a45882c7 Ensure that the struct msghdr is properly zeroed. c75f80a468 openssl dgst: show MD name at all times - CHANGES entry 7ed4b97b61 openssl dgst: show MD name at all times 678d2681b2 Clear seed source structures. 9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE. Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). 3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount(). Replace it with InitializeCriticalSection() 88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd(). This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing. Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. 291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules. 952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used. 711a161f03 Fix broken change from b3d113e. Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-heartbeats Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: no-heartbeats $ make clean make: *** No rule to make target 'clean'. Stop. From levitte at openssl.org Mon Apr 1 04:14:58 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 01 Apr 2019 04:14:58 +0000 Subject: [openssl] master update Message-ID: <1554092098.614717.9166.nullmailer@dev.openssl.org> The branch master has been updated via 31b6ed76dfd53529b74e79830c81372d0b756929 (commit) from 9c119bc6b54f4851898134db28c2a01947b5efba (commit) - Log ----------------------------------------------------------------- commit 31b6ed76dfd53529b74e79830c81372d0b756929 Author: Richard Levitte Date: Sun Mar 31 16:15:02 2019 +0200 Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/#8622) ----------------------------------------------------------------------- Summary of changes: Configure | 14 ++++---------- INSTALL | 3 --- crypto/dso/dso_openssl.c | 2 +- crypto/include/internal/dso_conf.h.in | 5 +++-- crypto/init.c | 10 ++++------ include/internal/dsoerr.h | 7 ++----- 6 files changed, 14 insertions(+), 27 deletions(-) diff --git a/Configure b/Configure index 5aaa640..258f991 100755 --- a/Configure +++ b/Configure @@ -24,7 +24,7 @@ use OpenSSL::Glob; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -59,8 +59,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]pic [don't] try to build position independent code when supported. # If disabled, it also disables shared and dynamic-engine. # no-asm do not use assembler -# no-dso do not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. # no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared @@ -76,7 +74,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, -# namely no-dso, no-pic, no-shared and no-threads. It is +# namely no-pic, no-shared and no-threads. It is # argued that the only reason to produce statically linked # binaries (and in context it means executables linked with # -static flag, and not just executables linked with static @@ -359,7 +357,6 @@ my @disablables = ( "dgram", "dh", "dsa", - "dso", "dtls", "dynamic-engine", "ec", @@ -440,6 +437,7 @@ my %deprecated_disablables = ( "hw-padlock" => "padlockeng", "ripemd" => "rmd160", "ui" => "ui-console", + "dso" => undef, ); # All of the following are disabled by default: @@ -494,9 +492,6 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # Without DSO, we can't load dynamic engines, so don't build them dynamic - "dso" => [ "dynamic-engine" ], - # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], @@ -876,7 +871,6 @@ while (@argvcopy) elsif (/^-static$/) { push @{$useradd{LDFLAGS}}, $_; - $disabled{"dso"} = "forced"; $disabled{"pic"} = "forced"; $disabled{"shared"} = "forced"; $disabled{"threads"} = "forced"; @@ -1211,7 +1205,7 @@ foreach my $what (sort keys %disabled) { $config{options} .= " no-$what"; - if (!grep { $what eq $_ } ( 'buildtest-c++', 'dso', 'threads', 'shared', + if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic', 'dynamic-engine', 'makedepend', 'zlib-dynamic', 'zlib', 'sse2' )) { (my $WHAT = uc $what) =~ s|-|_|g; diff --git a/INSTALL b/INSTALL index cffa241..9273db3 100644 --- a/INSTALL +++ b/INSTALL @@ -353,9 +353,6 @@ on BSD implementations, in which case it can be disabled with no-devcryptoeng. - no-dso - Don't build support for loading Dynamic Shared Objects. - no-dynamic-engine Don't build the dynamically loaded engines. This only has an effect in a "shared" build diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c index d834b2e..0e24438 100644 --- a/crypto/dso/dso_openssl.c +++ b/crypto/dso/dso_openssl.c @@ -9,7 +9,7 @@ #include "dso_locl.h" -#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN) +#ifdef DSO_NONE static DSO_METHOD dso_meth_null = { "NULL shared library method" diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in index 6e6b9bc..b6703f7 100644 --- a/crypto/include/internal/dso_conf.h.in +++ b/crypto/include/internal/dso_conf.h.in @@ -10,7 +10,6 @@ #ifndef HEADER_DSO_CONF_H # define HEADER_DSO_CONF_H -{- output_off() if $disabled{dso} -} {- # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -18,6 +17,9 @@ # by a define "DSO_" ... we translate the "dso_scheme" config # string entry into using the following logic; my $scheme = uc $target{dso_scheme}; + if (!$scheme) { + $scheme = "NONE"; + } my @macros = ( "DSO_$scheme" ); if ($scheme eq 'DLFCN') { @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); @@ -26,5 +28,4 @@ } join("\n", map { "# define $_" } @macros); -} # define DSO_EXTENSION "{- platform->dsoext() -}" -{- output_on() if $disabled{dso} -} #endif diff --git a/crypto/init.c b/crypto/init.c index dfc5c5f..463da98 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -160,8 +160,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) { OSSL_TRACE(INIT, "ossl_init_load_crypto_nodelete()\n"); -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE) \ +#if !defined(OPENSSL_USE_NODELETE) \ && !defined(OPENSSL_NO_PINSHARED) # if defined(DSO_WIN32) && !defined(_WIN32_WCE) { @@ -179,7 +178,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) (ret == TRUE ? "No!" : "Yes.")); return (ret == TRUE) ? 1 : 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to ourselves. This will force the library * to remain loaded until the atexit() handler is run at process exit. @@ -733,8 +732,7 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE)\ +#if !defined(OPENSSL_USE_NODELETE)\ && !defined(OPENSSL_NO_PINSHARED) { union { @@ -759,7 +757,7 @@ int OPENSSL_atexit(void (*handler)(void)) if (!ret) return 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index 3645aa5..8347d85 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -17,11 +17,9 @@ # include -# ifndef OPENSSL_NO_DSO - -# ifdef __cplusplus +# ifdef __cplusplus extern "C" -# endif +# endif int ERR_load_DSO_strings(void); /* @@ -83,5 +81,4 @@ int ERR_load_DSO_strings(void); # define DSO_R_UNLOAD_FAILED 107 # define DSO_R_UNSUPPORTED 108 -# endif #endif From openssl at openssl.org Mon Apr 1 05:54:22 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Apr 2019 05:54:22 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-heartbeats Message-ID: <1554098062.064130.4149.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-heartbeats Commit log since last time: cad8347be2 fixed public range check in ec_GF2m_simple_oct2point 863360fbc5 Implement the param types that aren't explicitly lengthened (e.g. int) in terms of those that are (e.g. int32_t). f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst 875c9a9a34 Fix a memleak in apps/verify 7eba43e837 Add documents for SM2 cert verification 317ba78fe1 Add test cases for SM2 cert verification 3a8269b319 trace: rename the default trace category from 'ANY' to 'ALL' 02bd2d7f5c trace: apps/openssl: print the correct category name 6a411436a5 trace: fix out-of-bound memory access 0fda9f7c29 trace: don't pretend success if it's not enabled 2e6b615f79 s390x assembly pack: import poly from cryptogams repo 558ea84743 Remove heartbeats completely d88736df4d Windows, VMS: build fixes 72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems with padding bytes. 6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset. 79bc34185f Correctly zero the DISPLAY_COLUMNS structure. 80de174281 Make the array zeroing explicit using memset. 2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call. The initialisation was also flawed, failing to account for padding and alignment bytes. 64a45882c7 Ensure that the struct msghdr is properly zeroed. c75f80a468 openssl dgst: show MD name at all times - CHANGES entry 7ed4b97b61 openssl dgst: show MD name at all times 678d2681b2 Clear seed source structures. 9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE. Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). 3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount(). Replace it with InitializeCriticalSection() 88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd(). This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing. Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. 291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules. 952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used. 711a161f03 Fix broken change from b3d113e. Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings enable-heartbeats Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: enable-heartbeats $ make clean make: *** No rule to make target 'clean'. Stop. From matt at openssl.org Mon Apr 1 10:59:55 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 01 Apr 2019 10:59:55 +0000 Subject: [openssl] master update Message-ID: <1554116395.977929.8507.nullmailer@dev.openssl.org> The branch master has been updated via 9058d9bcd0a0391353720f7728a48596b575ad64 (commit) via 005080aa62a8da4a64cd749a2620a89b29e5be26 (commit) via 2fab79af4666d010647c1f3b2e2687ba1201dfa4 (commit) via c35e921ffa58a84be7f68a37e5799ebefecf7326 (commit) via e401ef801e410d4d0d6dba62cc599cde786024b5 (commit) via f851a689328508cf1c5e64c0cde249956b72789f (commit) from 31b6ed76dfd53529b74e79830c81372d0b756929 (commit) - Log ----------------------------------------------------------------- commit 9058d9bcd0a0391353720f7728a48596b575ad64 Author: Boris Pismenny Date: Thu Dec 6 21:36:08 2018 +0200 add documentation Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) commit 005080aa62a8da4a64cd749a2620a89b29e5be26 Author: Boris Pismenny Date: Thu Dec 6 21:17:26 2018 +0200 apps: print Kernel receive side TLS in s_client and s_server Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) commit 2fab79af4666d010647c1f3b2e2687ba1201dfa4 Author: Boris Pismenny Date: Sun Mar 11 16:20:29 2018 +0200 sslapitest: add test ktls Rx Add a unit-test for ktls receive side. Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5 Signed-off-by: Boris Pismenny Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) commit c35e921ffa58a84be7f68a37e5799ebefecf7326 Author: Boris Pismenny Date: Thu Feb 21 16:39:36 2019 +0200 ssl: Linux TLS Rx Offload This patch adds support for the Linux TLS Rx socket option. It completes the previous patch for TLS Tx offload. If the socket option is successful, then the receive data-path of the TCP socket is implemented by the kernel. We choose to set this option at the earliest - just after CCS is complete. Change-Id: I59741e04d89dddca7fb138e88fffcc1259b30132 Signed-off-by: Boris Pismenny Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) commit e401ef801e410d4d0d6dba62cc599cde786024b5 Author: Boris Pismenny Date: Sun Mar 11 16:17:51 2018 +0200 bio: Linux TLS Rx Offload Add support for Linux TLS Rx offload in the BIO layer. Change-Id: I79924b25dd290a873d69f6c8d429e1f5bb2c3365 Signed-off-by: Boris Pismenny Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) commit f851a689328508cf1c5e64c0cde249956b72789f Author: Boris Pismenny Date: Sun Mar 11 16:16:16 2018 +0200 Linux ktls Rx infrastructure Introduce the infrastructure for supproting receive side Linux Kernel TLS data-path. Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c Signed-off-by: Boris Pismenny Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 2 + apps/s_server.c | 2 + crypto/bio/bss_sock.c | 19 ++++-- doc/man3/BIO_ctrl.pod | 15 +++-- include/internal/bio.h | 37 ++++++------ include/internal/ktls.h | 107 ++++++++++++++++++++++++++++---- include/openssl/bio.h | 9 ++- include/openssl/ssl.h | 6 +- ssl/record/rec_layer_s3.c | 10 ++- ssl/record/ssl3_record.c | 47 +++++++++++++-- ssl/t1_enc.c | 87 ++++++++++++++++++++++---- test/sslapitest.c | 151 +++++++++++++++++++++++++++++++++++++++++----- util/private.num | 1 + 13 files changed, 415 insertions(+), 78 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 6d7a83f..bb4f0aa 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3313,6 +3313,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) #ifndef OPENSSL_NO_KTLS if (BIO_get_ktls_send(SSL_get_wbio(s))) BIO_printf(bio_err, "Using Kernel TLS for sending\n"); + if (BIO_get_ktls_recv(SSL_get_rbio(s))) + BIO_printf(bio_err, "Using Kernel TLS for receiving\n"); #endif if (OSSL_TRACE_ENABLED(TLS)) { diff --git a/apps/s_server.c b/apps/s_server.c index 92d4579..381b1c9 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2921,6 +2921,8 @@ static void print_connection_info(SSL *con) #ifndef OPENSSL_NO_KTLS if (BIO_get_ktls_send(SSL_get_wbio(con))) BIO_printf(bio_err, "Using Kernel TLS for sending\n"); + if (BIO_get_ktls_recv(SSL_get_rbio(con))) + BIO_printf(bio_err, "Using Kernel TLS for receiving\n"); #endif (void)BIO_flush(bio_s_out); diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 60e5adc..0c99459 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -108,7 +108,12 @@ static int sock_read(BIO *b, char *out, int outl) if (out != NULL) { clear_socket_error(); - ret = readsocket(b->num, out, outl); +# ifndef OPENSSL_NO_KTLS + if (BIO_get_ktls_recv(b)) + ret = ktls_read_record(b->num, out, outl); + else +# endif + ret = readsocket(b->num, out, outl); BIO_clear_retry_flags(b); if (ret <= 0) { if (BIO_sock_should_retry(ret)) @@ -177,20 +182,22 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 1; break; # ifndef OPENSSL_NO_KTLS - case BIO_CTRL_SET_KTLS_SEND: + case BIO_CTRL_SET_KTLS: crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr; ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num); if (ret) - BIO_set_ktls_flag(b); + BIO_set_ktls_flag(b, num); break; case BIO_CTRL_GET_KTLS_SEND: - return BIO_should_ktls_flag(b); - case BIO_CTRL_SET_KTLS_SEND_CTRL_MSG: + return BIO_should_ktls_flag(b, 1); + case BIO_CTRL_GET_KTLS_RECV: + return BIO_should_ktls_flag(b, 0); + case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG: BIO_set_ktls_ctrl_msg_flag(b); b->ptr = (void *)num; ret = 0; break; - case BIO_CTRL_CLEAR_KTLS_CTRL_MSG: + case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG: BIO_clear_ktls_ctrl_msg_flag(b); ret = 0; break; diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 29e72aa..f51593f 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -5,7 +5,8 @@ BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, -BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, +BIO_get_ktls_recv - BIO control operations =head1 SYNOPSIS @@ -35,6 +36,7 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); int BIO_get_ktls_send(BIO *b); + int BIO_get_ktls_recv(BIO *b); =head1 DESCRIPTION @@ -74,8 +76,10 @@ Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending() return a size_t type and are functions, BIO_pending() and BIO_wpending() are macros which call BIO_ctrl(). -BIO_get_ktls_send() return 1 if the BIO is using the Kernel TLS data-path for +BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero. =head1 RETURN VALUES @@ -97,8 +101,10 @@ BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE. BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() return the amount of pending data. -BIO_get_ktls_send() return 1 if the BIO is using the Kernel TLS data-path for +BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero. =head1 NOTES @@ -134,7 +140,8 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 HISTORY -The BIO_get_ktls_send() function was added in OpenSSL 3.0.0. +The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in +OpenSSL 3.0.0. =head1 COPYRIGHT diff --git a/include/internal/bio.h b/include/internal/bio.h index 1e80d5a..8f368e3 100644 --- a/include/internal/bio.h +++ b/include/internal/bio.h @@ -35,35 +35,38 @@ void bio_cleanup(void); int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); -# define BIO_CTRL_SET_KTLS_SEND 72 -# define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 -# define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 +/* Changes to these internal BIOs must also update include/openssl/bio.h */ +# define BIO_CTRL_SET_KTLS 72 +# define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 +# define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 /* * This is used with socket BIOs: - * BIO_FLAGS_KTLS means we are using ktls with this BIO. - * BIO_FLAGS_KTLS_CTRL_MSG means we are about to send a ctrl message next. + * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending. + * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. + * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. */ -# define BIO_FLAGS_KTLS 0x800 -# define BIO_FLAGS_KTLS_CTRL_MSG 0x1000 +# define BIO_FLAGS_KTLS_TX 0x800 +# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 +# define BIO_FLAGS_KTLS_RX 0x2000 /* KTLS related controls and flags */ -# define BIO_set_ktls_flag(b) \ - BIO_set_flags(b, BIO_FLAGS_KTLS) -# define BIO_should_ktls_flag(b) \ - BIO_test_flags(b, BIO_FLAGS_KTLS) +# define BIO_set_ktls_flag(b, is_tx) \ + BIO_set_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) +# define BIO_should_ktls_flag(b, is_tx) \ + BIO_test_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) # define BIO_set_ktls_ctrl_msg_flag(b) \ - BIO_set_flags(b, BIO_FLAGS_KTLS_CTRL_MSG) + BIO_set_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) # define BIO_should_ktls_ctrl_msg_flag(b) \ - BIO_test_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG)) + BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) # define BIO_clear_ktls_ctrl_msg_flag(b) \ - BIO_clear_flags(b, (BIO_FLAGS_KTLS_CTRL_MSG)) + BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) # define BIO_set_ktls(b, keyblob, is_tx) \ - BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND, is_tx, keyblob) + BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) # define BIO_set_ktls_ctrl_msg(b, record_type) \ - BIO_ctrl(b, BIO_CTRL_SET_KTLS_SEND_CTRL_MSG, record_type, NULL) + BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) # define BIO_clear_ktls_ctrl_msg(b) \ - BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_CTRL_MSG, 0, NULL) + BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) #endif diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 23a0397..5495a8d 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -21,10 +21,11 @@ # ifndef PEDANTIC # warning "KTLS requires Kernel Headers >= 4.13.0" -# warning "Skipping Compilation of KTLS data path" +# warning "Skipping Compilation of KTLS" # endif # define TLS_TX 1 +# define TLS_RX 2 # define TLS_CIPHER_AES_GCM_128 51 # define TLS_CIPHER_AES_GCM_128_IV_SIZE 8 @@ -67,11 +68,19 @@ static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, return -1; } +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + # else /* KERNEL_VERSION */ # include # include # include +# include "openssl/ssl3.h" +# include "openssl/tls1.h" +# include "openssl/evp.h" # ifndef SOL_TLS # define SOL_TLS 282 @@ -96,16 +105,16 @@ static ossl_inline int ktls_enable(int fd) * The TLS_TX socket option changes the send/sendmsg handlers of the TCP socket. * If successful, then data sent using this socket will be encrypted and * encapsulated in TLS records using the crypto_info provided here. + * The TLS_RX socket option changes the recv/recvmsg handlers of the TCP socket. + * If successful, then data received using this socket will be decrypted, + * authenticated and decapsulated using the crypto_info provided here. */ static ossl_inline int ktls_start(int fd, struct tls12_crypto_info_aes_gcm_128 *crypto_info, size_t len, int is_tx) { - if (is_tx) - return setsockopt(fd, SOL_TLS, TLS_TX, crypto_info, - sizeof(*crypto_info)) ? 0 : 1; - else - return 0; + return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, + crypto_info, sizeof(*crypto_info)) ? 0 : 1; } /* @@ -121,12 +130,15 @@ static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, struct msghdr msg; int cmsg_len = sizeof(record_type); struct cmsghdr *cmsg; - char buf[CMSG_SPACE(cmsg_len)]; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; struct iovec msg_iov; /* Vector of data to send/receive into */ memset(&msg, 0, sizeof(msg)); - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_level = SOL_TLS; cmsg->cmsg_type = TLS_SET_RECORD_TYPE; @@ -142,7 +154,76 @@ static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, return sendmsg(fd, &msg, 0); } -# endif /* KERNEL_VERSION */ -# endif /* OPENSSL_SYS_LINUX */ -# endif /* HEADER_INTERNAL_KTLS */ -#endif /* OPENSSL_NO_KTLS */ +# define K_MIN1_RX 17 +# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1_RX, K_MIN2) + +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" +# warning "Skipping Compilation of KTLS receive data path" +# endif + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +# else + +/* + * Receive a TLS record using the crypto_info provided in ktls_start. + * The kernel strips the TLS record header, IV and authentication tag, + * returning only the plaintext data or an error on failure. + * We add the TLS record header here to satisfy routines in rec_layer_s3.c + */ +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + struct msghdr msg; + struct cmsghdr *cmsg; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; + struct iovec msg_iov; + int ret; + unsigned char *p = data; + const size_t prepend_length = SSL3_RT_HEADER_LENGTH; + + if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) { + errno = EINVAL; + return -1; + } + + memset(&msg, 0, sizeof(msg)); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); + + msg_iov.iov_base = p + prepend_length; + msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(fd, &msg, 0); + if (ret < 0) + return ret; + + if (msg.msg_controllen > 0) { + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) { + p[0] = *((unsigned char *)CMSG_DATA(cmsg)); + p[1] = TLS1_2_VERSION_MAJOR; + p[2] = TLS1_2_VERSION_MINOR; + /* returned length is limited to msg_iov.iov_len above */ + p[3] = (ret >> 8) & 0xff; + p[4] = ret & 0xff; + ret += prepend_length; + } + } + + return ret; +} + +# endif +# endif +# endif +# endif +#endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h index ed9d489..85cbe0a 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -145,15 +145,20 @@ extern "C" { # define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 -/* internal BIO see include/internal/bio.h: +/* + * internal BIO see include/internal/bio.h: * # define BIO_CTRL_SET_KTLS_SEND 72 * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 - * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 + * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 */ # define BIO_CTRL_GET_KTLS_SEND 73 +# define BIO_CTRL_GET_KTLS_RECV 76 + # define BIO_get_ktls_send(b) \ BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) +# define BIO_get_ktls_recv(b) \ + BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) /* modifiers */ # define BIO_FP_READ 0x02 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 72c9d06..f4b17f1 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -500,7 +500,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); */ # define SSL_MODE_ASYNC 0x00000100U /* - * Use the kernel TLS transmission data-path. + * Don't use the kernel TLS data-path for sending. */ # define SSL_MODE_NO_KTLS_TX 0x00000200U /* @@ -515,6 +515,10 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * - OpenSSL 1.1.1 and 1.1.1a */ # define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U +/* + * Don't use the kernel TLS data-path for receiving. + */ +# define SSL_MODE_NO_KTLS_RX 0x00000800U /* Cert related flags */ /* diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index b212277..8b2320d 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -268,11 +268,15 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, return -1; } - /* We always act like read_ahead is set for DTLS */ - if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s)) + /* + * Ktls always reads full records. + * Also, we always act like read_ahead is set for DTLS. + */ + if (!BIO_get_ktls_recv(s->rbio) && !s->rlayer.read_ahead + && !SSL_IS_DTLS(s)) { /* ignore max parameter */ max = n; - else { + } else { if (max < n) max = n; if (max > rb->len - rb->offset) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index e1231d2..24694b3 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -187,9 +187,11 @@ int ssl3_get_record(SSL *s) size_t num_recs = 0, max_recs, j; PACKET pkt, sslv2pkt; size_t first_rec_len; + int is_ktls_left; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); + is_ktls_left = (rbuf->left > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; @@ -208,8 +210,32 @@ int ssl3_get_record(SSL *s) rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0, &n); - if (rret <= 0) - return rret; /* error or non-blocking */ + if (rret <= 0) { + if (!BIO_get_ktls_recv(s->rbio)) + return rret; /* error or non-blocking */ +#ifndef OPENSSL_NO_KTLS + switch (errno) { + case EBADMSG: + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, + SSL_F_SSL3_GET_RECORD, + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + break; + case EMSGSIZE: + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, + SSL_F_SSL3_GET_RECORD, + SSL_R_PACKET_LENGTH_TOO_LONG); + break; + case EINVAL: + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + break; + default: + break; + } + return rret; +#endif + } RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); @@ -387,7 +413,7 @@ int ssl3_get_record(SSL *s) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if (thisrr->length > len) { + if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; @@ -405,6 +431,7 @@ int ssl3_get_record(SSL *s) } else { more = thisrr->length; } + if (more > 0) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ @@ -493,6 +520,13 @@ int ssl3_get_record(SSL *s) } /* + * KTLS reads full records. If there is any data left, + * then it is from before enabling ktls + */ + if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) + goto skip_decryption; + + /* * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. */ @@ -674,6 +708,8 @@ int ssl3_get_record(SSL *s) return -1; } + skip_decryption: + for (j = 0; j < num_recs; j++) { thisrr = &rr[j]; @@ -735,7 +771,7 @@ int ssl3_get_record(SSL *s) return -1; } - if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !BIO_get_ktls_recv(s->rbio)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); return -1; @@ -743,7 +779,8 @@ int ssl3_get_record(SSL *s) /* If received packet overflows current Max Fragment Length setting */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + && !BIO_get_ktls_recv(s->rbio)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); return -1; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index fe4ba93..5925e6a 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -83,6 +83,39 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) return ret; } +#ifndef OPENSSL_NO_KTLS + /* + * Count the number of records that were not processed yet from record boundary. + * + * This function assumes that there are only fully formed records read in the + * record layer. If read_ahead is enabled, then this might be false and this + * function will fail. + */ +static int count_unprocessed_records(SSL *s) +{ + SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); + PACKET pkt, subpkt; + int count = 0; + + if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) + return -1; + + while (PACKET_remaining(&pkt) > 0) { + /* Skip record type and version */ + if (!PACKET_forward(&pkt, 3)) + return -1; + + /* Read until next record */ + if (PACKET_get_length_prefixed_2(&pkt, &subpkt)) + return -1; + + count += 1; + } + + return count; +} +#endif + int tls1_change_cipher_state(SSL *s, int which) { unsigned char *p, *mac_secret; @@ -101,8 +134,10 @@ int tls1_change_cipher_state(SSL *s, int which) int reuse_dd = 0; #ifndef OPENSSL_NO_KTLS struct tls12_crypto_info_aes_gcm_128 crypto_info; - BIO *wbio; + BIO *bio; unsigned char geniv[12]; + int count_unprocessed; + int bit; #endif c = s->s3->tmp.new_sym_enc; @@ -326,8 +361,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (s->compress) goto skip_ktls; - if ((which & SSL3_CC_READ) || - ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX))) + if (((which & SSL3_CC_READ) && (s->mode & SSL_MODE_NO_KTLS_RX)) + || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX))) goto skip_ktls; /* ktls supports only the maximum fragment size */ @@ -344,19 +379,26 @@ int tls1_change_cipher_state(SSL *s, int which) if (s->version != TLS1_2_VERSION) goto skip_ktls; - wbio = s->wbio; - if (!ossl_assert(wbio != NULL)) { + if (which & SSL3_CC_WRITE) + bio = s->wbio; + else + bio = s->rbio; + + if (!ossl_assert(bio != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; } /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ - if (BIO_flush(wbio) <= 0) - goto skip_ktls; + if (which & SSL3_CC_WRITE) { + if (BIO_flush(bio) <= 0) + goto skip_ktls; + } /* ktls doesn't support renegotiation */ - if (BIO_get_ktls_send(s->wbio)) { + if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || + (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { SSLfatal(s, SSL_AD_NO_RENEGOTIATION, SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; @@ -373,12 +415,33 @@ int tls1_change_cipher_state(SSL *s, int which) TLS_CIPHER_AES_GCM_128_IV_SIZE); memcpy(crypto_info.salt, geniv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); memcpy(crypto_info.key, key, EVP_CIPHER_key_length(c)); - memcpy(crypto_info.rec_seq, &s->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + if (which & SSL3_CC_WRITE) + memcpy(crypto_info.rec_seq, &s->rlayer.write_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + else + memcpy(crypto_info.rec_seq, &s->rlayer.read_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + + if (which & SSL3_CC_READ) { + count_unprocessed = count_unprocessed_records(s); + if (count_unprocessed < 0) + goto skip_ktls; + + /* increment the crypto_info record sequence */ + while (count_unprocessed) { + for (bit = 7; bit >= 0; bit--) { /* increment */ + ++crypto_info.rec_seq[bit]; + if (crypto_info.rec_seq[bit] != 0) + break; + } + count_unprocessed--; + } + } /* ktls works with user provided buffers directly */ - if (BIO_set_ktls(wbio, &crypto_info, which & SSL3_CC_WRITE)) { - ssl3_release_write_buffer(s); + if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { + if (which & SSL3_CC_WRITE) + ssl3_release_write_buffer(s); SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); } diff --git a/test/sslapitest.c b/test/sslapitest.c index bccf055..7ca8c75 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -723,6 +723,8 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) size_t err = 0; char crec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; char crec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char crec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char crec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; char srec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; char srec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; char srec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; @@ -731,6 +733,8 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) cbuf[0] = count++; memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, @@ -756,6 +760,8 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, @@ -786,16 +792,33 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) goto end; } - if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) - goto end; + if (clientssl->mode & SSL_MODE_NO_KTLS_RX) { + if (!TEST_mem_ne(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } else { + if (!TEST_mem_eq(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } + + if (serverssl->mode & SSL_MODE_NO_KTLS_RX) { + if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } else { + if (!TEST_mem_eq(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, + srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + goto end; + } return 1; end: return 0; } -static int execute_test_ktls(int cis_ktls_tx, int sis_ktls_tx) +static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx, + int sis_ktls_tx, int sis_ktls_rx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -830,6 +853,16 @@ static int execute_test_ktls(int cis_ktls_tx, int sis_ktls_tx) goto end; } + if (!cis_ktls_rx) { + if (!TEST_true(SSL_set_mode(clientssl, SSL_MODE_NO_KTLS_RX))) + goto end; + } + + if (!sis_ktls_rx) { + if (!TEST_true(SSL_set_mode(serverssl, SSL_MODE_NO_KTLS_RX))) + goto end; + } + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; @@ -850,6 +883,22 @@ static int execute_test_ktls(int cis_ktls_tx, int sis_ktls_tx) goto end; } + if (!cis_ktls_rx) { + if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) + goto end; + } else { + if (!TEST_true(BIO_get_ktls_recv(clientssl->rbio))) + goto end; + } + + if (!sis_ktls_rx) { + if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) + goto end; + } else { + if (!TEST_true(BIO_get_ktls_recv(serverssl->rbio))) + goto end; + } + if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd))) goto end; @@ -869,24 +918,84 @@ end: return testresult; } -static int test_ktls_client_server(void) +static int test_ktls_no_txrx_client_no_txrx_server(void) +{ + return execute_test_ktls(0, 0, 0, 0); +} + +static int test_ktls_no_rx_client_no_txrx_server(void) +{ + return execute_test_ktls(1, 0, 0, 0); +} + +static int test_ktls_no_tx_client_no_txrx_server(void) +{ + return execute_test_ktls(0, 1, 0, 0); +} + +static int test_ktls_client_no_txrx_server(void) +{ + return execute_test_ktls(1, 1, 0, 0); +} + +static int test_ktls_no_txrx_client_no_rx_server(void) +{ + return execute_test_ktls(0, 0, 1, 0); +} + +static int test_ktls_no_rx_client_no_rx_server(void) +{ + return execute_test_ktls(1, 0, 1, 0); +} + +static int test_ktls_no_tx_client_no_rx_server(void) +{ + return execute_test_ktls(0, 1, 1, 0); +} + +static int test_ktls_client_no_rx_server(void) { - return execute_test_ktls(1, 1); + return execute_test_ktls(1, 1, 1, 0); } -static int test_ktls_no_client_server(void) +static int test_ktls_no_txrx_client_no_tx_server(void) { - return execute_test_ktls(0, 1); + return execute_test_ktls(0, 0, 0, 1); } -static int test_ktls_client_no_server(void) +static int test_ktls_no_rx_client_no_tx_server(void) { - return execute_test_ktls(1, 0); + return execute_test_ktls(1, 0, 0, 1); } -static int test_ktls_no_client_no_server(void) +static int test_ktls_no_tx_client_no_tx_server(void) +{ + return execute_test_ktls(0, 1, 0, 1); +} + +static int test_ktls_client_no_tx_server(void) +{ + return execute_test_ktls(1, 1, 0, 1); +} + +static int test_ktls_no_txrx_client_server(void) +{ + return execute_test_ktls(0, 0, 1, 1); +} + +static int test_ktls_no_rx_client_server(void) +{ + return execute_test_ktls(1, 0, 1, 1); +} + +static int test_ktls_no_tx_client_server(void) +{ + return execute_test_ktls(0, 1, 1, 1); +} + +static int test_ktls_client_server(void) { - return execute_test_ktls(0, 0); + return execute_test_ktls(1, 1, 1, 1); } #endif @@ -6155,10 +6264,22 @@ int setup_tests(void) #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ && !defined(OPENSSL_NO_SOCK) + ADD_TEST(test_ktls_no_txrx_client_no_txrx_server); + ADD_TEST(test_ktls_no_rx_client_no_txrx_server); + ADD_TEST(test_ktls_no_tx_client_no_txrx_server); + ADD_TEST(test_ktls_client_no_txrx_server); + ADD_TEST(test_ktls_no_txrx_client_no_rx_server); + ADD_TEST(test_ktls_no_rx_client_no_rx_server); + ADD_TEST(test_ktls_no_tx_client_no_rx_server); + ADD_TEST(test_ktls_client_no_rx_server); + ADD_TEST(test_ktls_no_txrx_client_no_tx_server); + ADD_TEST(test_ktls_no_rx_client_no_tx_server); + ADD_TEST(test_ktls_no_tx_client_no_tx_server); + ADD_TEST(test_ktls_client_no_tx_server); + ADD_TEST(test_ktls_no_txrx_client_server); + ADD_TEST(test_ktls_no_rx_client_server); + ADD_TEST(test_ktls_no_tx_client_server); ADD_TEST(test_ktls_client_server); - ADD_TEST(test_ktls_no_client_server); - ADD_TEST(test_ktls_client_no_server); - ADD_TEST(test_ktls_no_client_no_server); #endif ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); diff --git a/util/private.num b/util/private.num index 6c37fc0..f15957b 100644 --- a/util/private.num +++ b/util/private.num @@ -116,6 +116,7 @@ BIO_get_cipher_ctx define BIO_get_cipher_status define BIO_get_close define BIO_get_ktls_send define +BIO_get_ktls_recv define BIO_get_conn_address define BIO_get_conn_hostname define BIO_get_conn_port define From builds at travis-ci.org Mon Apr 1 11:36:25 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Apr 2019 11:36:25 +0000 Subject: Broken: openssl/openssl#24432 (master - 9058d9b) In-Reply-To: Message-ID: <5ca1f7b8de2a3_43fa93b9c0120819fc@da8e96a4-999a-45a1-9d86-e2c82c187ac9.mail> Build Update for openssl/openssl ------------------------------------- Build: #24432 Status: Broken Duration: 31 mins and 48 secs Commit: 9058d9b (master) Author: Boris Pismenny Message: add documentation Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7848) View the changeset: https://github.com/openssl/openssl/compare/31b6ed76dfd5...9058d9bcd0a0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514085056?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 1 14:03:52 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Apr 2019 14:03:52 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1554127432.226697.16507.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: cad8347be2 fixed public range check in ec_GF2m_simple_oct2point 863360fbc5 Implement the param types that aren't explicitly lengthened (e.g. int) in terms of those that are (e.g. int32_t). f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst 875c9a9a34 Fix a memleak in apps/verify 7eba43e837 Add documents for SM2 cert verification 317ba78fe1 Add test cases for SM2 cert verification 3a8269b319 trace: rename the default trace category from 'ANY' to 'ALL' 02bd2d7f5c trace: apps/openssl: print the correct category name 6a411436a5 trace: fix out-of-bound memory access 0fda9f7c29 trace: don't pretend success if it's not enabled 2e6b615f79 s390x assembly pack: import poly from cryptogams repo 558ea84743 Remove heartbeats completely d88736df4d Windows, VMS: build fixes 72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems with padding bytes. 6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset. 79bc34185f Correctly zero the DISPLAY_COLUMNS structure. 80de174281 Make the array zeroing explicit using memset. 2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call. The initialisation was also flawed, failing to account for padding and alignment bytes. 64a45882c7 Ensure that the struct msghdr is properly zeroed. c75f80a468 openssl dgst: show MD name at all times - CHANGES entry 7ed4b97b61 openssl dgst: show MD name at all times 678d2681b2 Clear seed source structures. 9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE. Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). 3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount(). Replace it with InitializeCriticalSection() 88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd(). This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing. Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. 291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules. 952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used. 711a161f03 Fix broken change from b3d113e. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 253 wallclock secs ( 2.96 usr 0.35 sys + 228.03 cusr 12.92 csys = 244.26 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Apr 1 14:11:44 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Apr 2019 14:11:44 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1554127904.838597.13405.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: cad8347be2 fixed public range check in ec_GF2m_simple_oct2point 863360fbc5 Implement the param types that aren't explicitly lengthened (e.g. int) in terms of those that are (e.g. int32_t). f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst 875c9a9a34 Fix a memleak in apps/verify 7eba43e837 Add documents for SM2 cert verification 317ba78fe1 Add test cases for SM2 cert verification 3a8269b319 trace: rename the default trace category from 'ANY' to 'ALL' 02bd2d7f5c trace: apps/openssl: print the correct category name 6a411436a5 trace: fix out-of-bound memory access 0fda9f7c29 trace: don't pretend success if it's not enabled 2e6b615f79 s390x assembly pack: import poly from cryptogams repo 558ea84743 Remove heartbeats completely d88736df4d Windows, VMS: build fixes 72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems with padding bytes. 6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset. 79bc34185f Correctly zero the DISPLAY_COLUMNS structure. 80de174281 Make the array zeroing explicit using memset. 2661d716d9 It isn't necessary to initialise a struct stat before a stat(2) system call. The initialisation was also flawed, failing to account for padding and alignment bytes. 64a45882c7 Ensure that the struct msghdr is properly zeroed. c75f80a468 openssl dgst: show MD name at all times - CHANGES entry 7ed4b97b61 openssl dgst: show MD name at all times 678d2681b2 Clear seed source structures. 9c98aa354d For the lack of GetModuleHandleEx(), we use DSO route for WinCE. Revert win32_pathbyaddr() which is used in DSO_dsobyaddr(). 3d098890b2 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 09305a7d0a Avoid linking error for InitializeCriticalSectionAndSpinCount(). Replace it with InitializeCriticalSection() 88ffc8dea4 Avoid linking error on WCE700 for _InterlockedExchangeAdd(). This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing. Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. cd353c7768 Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64. 291bc802e4 IA64 assembly pack: add {chacha|poly1305}-ia64 modules. 952abb1521 Fixed unmatched BN_CTX_start/end if an invalid exponent is used. 711a161f03 Fix broken change from b3d113e. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 252 wallclock secs ( 2.82 usr 0.40 sys + 226.35 cusr 13.54 csys = 243.11 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm3' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Mon Apr 1 15:46:29 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 01 Apr 2019 15:46:29 +0000 Subject: [openssl] master update Message-ID: <1554133589.847802.12549.nullmailer@dev.openssl.org> The branch master has been updated via 0b45d8eec051fd9816b6bf46a975fa461ffc983d (commit) from 9058d9bcd0a0391353720f7728a48596b575ad64 (commit) - Log ----------------------------------------------------------------- commit 0b45d8eec051fd9816b6bf46a975fa461ffc983d Author: Richard Levitte Date: Mon Apr 1 17:37:16 2019 +0200 Restore the "heartbeats" configuration option among the deprecated Removing the option entirely would break builds unnecessarily, so let's make it deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8632) ----------------------------------------------------------------------- Summary of changes: CHANGES | 1 + Configure | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 1d09314..28d732b 100644 --- a/CHANGES +++ b/CHANGES @@ -16,6 +16,7 @@ *) Removed the heartbeat message in DTLS feature, as it has very little usage and doesn't seem to fulfill a valuable purpose. + The configuration option is now deprecated. [Richard Levitte] *) Changed the output of 'openssl {digestname} < file' to display the diff --git a/Configure b/Configure index 258f991..df66abb 100755 --- a/Configure +++ b/Configure @@ -438,6 +438,7 @@ my %deprecated_disablables = ( "ripemd" => "rmd160", "ui" => "ui-console", "dso" => undef, + "heartbeats" => undef, ); # All of the following are disabled by default: From builds at travis-ci.org Mon Apr 1 16:08:07 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Apr 2019 16:08:07 +0000 Subject: Still Failing: openssl/openssl#24438 (master - 0b45d8e) In-Reply-To: Message-ID: <5ca23766bf6a5_43f84820f493423232c@c0f3a6ba-3f6e-494a-b08d-5a9201c84825.mail> Build Update for openssl/openssl ------------------------------------- Build: #24438 Status: Still Failing Duration: 21 mins and 0 secs Commit: 0b45d8e (master) Author: Richard Levitte Message: Restore the "heartbeats" configuration option among the deprecated Removing the option entirely would break builds unnecessarily, so let's make it deprecated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8632) View the changeset: https://github.com/openssl/openssl/compare/9058d9bcd0a0...0b45d8eec051 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514215916?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 2 01:42:09 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Apr 2019 01:42:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1554169329.946678.5761.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 0b45d8eec0 Restore the "heartbeats" configuration option among the deprecated 9058d9bcd0 add documentation 005080aa62 apps: print Kernel receive side TLS in s_client and s_server 2fab79af46 sslapitest: add test ktls Rx c35e921ffa ssl: Linux TLS Rx Offload e401ef801e bio: Linux TLS Rx Offload f851a68932 Linux ktls Rx infrastructure 31b6ed76df Rework DSO API conditions and configuration option 9c119bc6b5 Fixed typo in enc.c warning Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1272, 137 wallclock secs ( 1.78 usr 0.32 sys + 117.40 cusr 10.58 csys = 130.08 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Apr 2 04:14:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Apr 2019 04:14:59 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-heartbeats Message-ID: <1554178499.302704.1929.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-heartbeats Commit log since last time: 0b45d8eec0 Restore the "heartbeats" configuration option among the deprecated 9058d9bcd0 add documentation 005080aa62 apps: print Kernel receive side TLS in s_client and s_server 2fab79af46 sslapitest: add test ktls Rx c35e921ffa ssl: Linux TLS Rx Offload e401ef801e bio: Linux TLS Rx Offload f851a68932 Linux ktls Rx infrastructure 31b6ed76df Rework DSO API conditions and configuration option 9c119bc6b5 Fixed typo in enc.c warning From levitte at openssl.org Tue Apr 2 05:42:36 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Apr 2019 05:42:36 +0000 Subject: [openssl] master update Message-ID: <1554183756.028079.23036.nullmailer@dev.openssl.org> The branch master has been updated via 521b7cb3883605740fb4727120f18810ba47d50b (commit) via 34786bdee0b2af74a84a32ca32bb1c2c256e6014 (commit) via 22b414672d0260904ef2f5f5304b02f96c67dd7e (commit) from 0b45d8eec051fd9816b6bf46a975fa461ffc983d (commit) - Log ----------------------------------------------------------------- commit 521b7cb3883605740fb4727120f18810ba47d50b Author: Richard Levitte Date: Sun Mar 31 15:26:26 2019 +0200 Correct the checks of module availability in provider test programs Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test module wasn't built, but the provider test programs didn't check that macro. We rename it to OPENSSL_NO_MODULE, since that name describes the situation more than OPENSSL_NO_SHARED does, and use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8623) commit 34786bdee0b2af74a84a32ca32bb1c2c256e6014 Author: Richard Levitte Date: Sun Mar 31 15:17:58 2019 +0200 Configuration / build: make it possible to disable building of modules While we're at it, sort out inconsistencies with the build of modules: - not building shared libraries means not building dynamic engines. However, other modules may still be built. - not having DSO functionality doesn't mean not to build modules (even though we can't use them from apps linked with libraries that are built this way). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8623) commit 22b414672d0260904ef2f5f5304b02f96c67dd7e Author: Richard Levitte Date: Sun Mar 31 15:14:00 2019 +0200 Build cleanup: don't use SHARED_SOURCE with modules SHARED_SOURCE is reserved for products that are expected to come in dual shared / non-shared form, i.e. the routine libraries like libcrypto and libssl, to distinguish source that should only appear in their shared form. Modules are always shared, so there's no need for them to have this type of distinction. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8623) ----------------------------------------------------------------------- Summary of changes: Configurations/common.tmpl | 4 ++-- Configure | 29 +++++++++++++++++++++-------- engines/build.info | 12 ++++++------ test/build.info | 9 +++++---- test/provider_internal_test.c | 9 ++------- test/provider_test.c | 10 ++-------- 6 files changed, 38 insertions(+), 35 deletions(-) diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl index 5ca0d56..62b1102 100644 --- a/Configurations/common.tmpl +++ b/Configurations/common.tmpl @@ -151,9 +151,9 @@ return "" if $cache{$lib}; $OUT .= obj2dso(lib => $lib, attrs => $unified_info{attributes}->{$lib}, - objs => $unified_info{shared_sources}->{$lib}, + objs => $unified_info{sources}->{$lib}, deps => [ resolvedepends($lib) ]); - foreach (@{$unified_info{shared_sources}->{$lib}}) { + foreach (@{$unified_info{sources}->{$lib}}) { # If this is somehow a compiled object, take care of it that way # Otherwise, it might simply be generated if (defined $unified_info{sources}->{$_}) { diff --git a/Configure b/Configure index df66abb..62f4af5 100755 --- a/Configure +++ b/Configure @@ -377,6 +377,7 @@ my @disablables = ( "md2", "md4", "mdc2", + "module", "msan", "multiblock", "nextprotoneg", @@ -493,9 +494,23 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # Without position independent code, there can be no shared libraries or DSOs - "pic" => [ "shared" ], + # If no modules, then no dynamic engines either + "module" => [ "dynamic-engine" ], + + # Without shared libraries, dynamic engines aren't possible. + # This is due to them having to link with libcrypto and register features + # using the ENGINE functionality, and since that relies on global tables, + # those *have* to be exacty the same as the ones accessed from the app, + # which cannot be guaranteed if shared libraries aren't present. + # (note that even with shared libraries, both the app and dynamic engines + # must be linked with the same library) "shared" => [ "dynamic-engine" ], + # Other modules don't necessarily have to link with libcrypto, so shared + # libraries do not have to be a condition to produce those. + + # Without position independent code, there can be no shared libraries + # or modules. + "pic" => [ "shared", "module" ], "engine" => [ grep /eng$/, @disablables ], "hw" => [ "padlockeng" ], @@ -1206,7 +1221,7 @@ foreach my $what (sort keys %disabled) { $config{options} .= " no-$what"; - if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', + if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'module', 'pic', 'dynamic-engine', 'makedepend', 'zlib-dynamic', 'zlib', 'sse2' )) { (my $WHAT = uc $what) =~ s|-|_|g; @@ -1312,9 +1327,8 @@ if ($target{shared_target} eq "") { $no_shared_warn = 1 if (!$disabled{shared} || !$disabled{"dynamic-engine"}); - $disabled{shared} = "no-shared-target"; $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = - "no-shared-target"; + $disabled{module} = "no-shared-target"; } if ($disabled{"dynamic-engine"}) { @@ -2191,9 +2205,8 @@ EOF src => [ 'sources', 'shared_sources' ], dst => 'shared_sources' } }, - modules => { dso => { src => [ 'sources', - 'shared_sources' ], - dst => 'shared_sources' } }, + modules => { dso => { src => [ 'sources' ], + dst => 'sources' } }, scripts => { script => { src => [ 'sources' ], dst => 'sources' } } } -> {$prodtype}; diff --git a/engines/build.info b/engines/build.info index 16907da..3189f9f 100644 --- a/engines/build.info +++ b/engines/build.info @@ -21,7 +21,7 @@ IF[{- !$disabled{"engine"} -}] DEPEND[padlock]=../libcrypto INCLUDE[padlock]=../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[padlock]=padlock.ld + SOURCE[padlock]=padlock.ld GENERATE[padlock.ld]=../util/engines.num ENDIF ENDIF @@ -31,7 +31,7 @@ IF[{- !$disabled{"engine"} -}] DEPEND[capi]=../libcrypto INCLUDE[capi]=../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[capi]=capi.ld + SOURCE[capi]=capi.ld GENERATE[capi.ld]=../util/engines.num ENDIF ENDIF @@ -41,7 +41,7 @@ IF[{- !$disabled{"engine"} -}] DEPEND[afalg]=../libcrypto INCLUDE[afalg]= ../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[afalg]=afalg.ld + SOURCE[afalg]=afalg.ld GENERATE[afalg.ld]=../util/engines.num ENDIF ENDIF @@ -51,7 +51,7 @@ IF[{- !$disabled{"engine"} -}] DEPEND[devcrypto]=../libcrypto INCLUDE[devcrypto]=../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[devcrypto]=devcrypto.ld + SOURCE[devcrypto]=devcrypto.ld GENERATE[devcrypto.ld]=../util/engines.num ENDIF ENDIF @@ -61,14 +61,14 @@ IF[{- !$disabled{"engine"} -}] DEPEND[dasync]=../libcrypto INCLUDE[dasync]=../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[dasync]=dasync.ld + SOURCE[dasync]=dasync.ld GENERATE[dasync.ld]=../util/engines.num ENDIF SOURCE[ossltest]=e_ossltest.c DEPEND[ossltest]=../libcrypto INCLUDE[ossltest]=../include IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[ossltest]=ossltest.ld + SOURCE[ossltest]=ossltest.ld GENERATE[ossltest.ld]=../util/engines.num ENDIF ENDIF diff --git a/test/build.info b/test/build.info index 13d6630..973536d 100644 --- a/test/build.info +++ b/test/build.info @@ -603,7 +603,7 @@ IF[{- !$disabled{tests} -}] SOURCE[provider_test]=provider_test.c p_test.c INCLUDE[provider_test]=../include ../apps/include DEPEND[provider_test]=../libcrypto.a libtestutil.a - IF[{- !$disabled{shared} -}] + IF[{- !$disabled{module} -}] MODULES{noinst}=p_test SOURCE[p_test]=p_test.c INCLUDE[p_test]=../include @@ -611,9 +611,10 @@ IF[{- !$disabled{tests} -}] SOURCE[p_test]=p_test.ld GENERATE[p_test.ld]=../util/providers.num ENDIF - ELSE - DEFINE[provider_test]=OPENSSL_NO_SHARED - DEFINE[provider_internal_test]=OPENSSL_NO_SHARED + ENDIF + IF[{- $disabled{module} || !$target{dso_scheme} -}] + DEFINE[provider_test]=OPENSSL_NO_MODULE + DEFINE[provider_internal_test]=OPENSSL_NO_MODULE ENDIF PROGRAMS{noinst}=params_test diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 7f6bb20..cbb85c3 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -11,11 +11,6 @@ #include "internal/provider.h" #include "testutil.h" -#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) \ - && !defined(DSO_WIN32) && !defined(DSO_DLFCN) -# define OPENSSL_NO_DSO -#endif - extern OSSL_provider_init_fn PROVIDER_INIT_FUNCTION_NAME; static char buf[256]; @@ -61,7 +56,7 @@ static int test_builtin_provider(void) && test_provider(prov); } -#ifndef OPENSSL_NO_DSO +#ifndef OPENSSL_NO_MODULE static int test_loaded_provider(void) { const char *name = "p_test"; @@ -76,7 +71,7 @@ static int test_loaded_provider(void) int setup_tests(void) { ADD_TEST(test_builtin_provider); -#ifndef OPENSSL_NO_DSO +#ifndef OPENSSL_NO_MODULE ADD_TEST(test_loaded_provider); #endif return 1; diff --git a/test/provider_test.c b/test/provider_test.c index cba7cba..ee6f94c 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -11,12 +11,6 @@ #include #include "testutil.h" -#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) \ - && !defined(DSO_WIN32) && !defined(DSO_DLFCN) -# define OPENSSL_NO_DSO -#endif - - extern OSSL_provider_init_fn PROVIDER_INIT_FUNCTION_NAME; static char buf[256]; @@ -55,7 +49,7 @@ static int test_builtin_provider(void) && test_provider(name); } -#ifndef OPENSSL_NO_DSO +#ifndef OPENSSL_NO_MODULE static int test_loaded_provider(void) { const char *name = "p_test"; @@ -67,7 +61,7 @@ static int test_loaded_provider(void) int setup_tests(void) { ADD_TEST(test_builtin_provider); -#ifndef OPENSSL_NO_DSO +#ifndef OPENSSL_NO_MODULE ADD_TEST(test_loaded_provider); #endif return 1; From openssl at openssl.org Tue Apr 2 06:19:08 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Apr 2019 06:19:08 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-heartbeats Message-ID: <1554185948.521067.2442.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-heartbeats Commit log since last time: 0b45d8eec0 Restore the "heartbeats" configuration option among the deprecated 9058d9bcd0 add documentation 005080aa62 apps: print Kernel receive side TLS in s_client and s_server 2fab79af46 sslapitest: add test ktls Rx c35e921ffa ssl: Linux TLS Rx Offload e401ef801e bio: Linux TLS Rx Offload f851a68932 Linux ktls Rx infrastructure 31b6ed76df Rework DSO API conditions and configuration option 9c119bc6b5 Fixed typo in enc.c warning From builds at travis-ci.org Tue Apr 2 06:44:04 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 06:44:04 +0000 Subject: Still Failing: openssl/openssl#24446 (master - 521b7cb) In-Reply-To: Message-ID: <5ca304b3d0e69_43f9866d90ed410865a@dcee8125-3236-499d-a5b7-04a1686a1d0a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24446 Status: Still Failing Duration: 11 mins and 18 secs Commit: 521b7cb (master) Author: Richard Levitte Message: Correct the checks of module availability in provider test programs Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test module wasn't built, but the provider test programs didn't check that macro. We rename it to OPENSSL_NO_MODULE, since that name describes the situation more than OPENSSL_NO_SHARED does, and use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8623) View the changeset: https://github.com/openssl/openssl/compare/0b45d8eec051...521b7cb38836 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514512140?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 2 06:54:30 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Apr 2019 06:54:30 +0000 Subject: Build failed: openssl master.23849 Message-ID: <20190402065430.1.120E055F95F22B20@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 2 08:02:37 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Apr 2019 08:02:37 +0000 Subject: Build failed: openssl master.23850 Message-ID: <20190402080237.1.31D01347569CD59B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 2 08:31:37 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Apr 2019 08:31:37 +0000 Subject: Build failed: openssl master.23851 Message-ID: <20190402083137.1.060E4CD5B4D30828@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 2 09:29:29 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Apr 2019 09:29:29 +0000 Subject: [openssl] master update Message-ID: <1554197369.090064.1074.nullmailer@dev.openssl.org> The branch master has been updated via cc8926ec8fcecae89ceab91ef753de93e49568f9 (commit) from 521b7cb3883605740fb4727120f18810ba47d50b (commit) - Log ----------------------------------------------------------------- commit cc8926ec8fcecae89ceab91ef753de93e49568f9 Author: Richard Levitte Date: Tue Apr 2 11:14:10 2019 +0200 crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8638) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 278aee0..02d96a8 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -11,6 +11,7 @@ #include #include "rand_lcl.h" #include "internal/rand_int.h" +#include "e_os.h" /* For a default _WIN32_WINNT */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS From levitte at openssl.org Tue Apr 2 09:30:49 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Apr 2019 09:30:49 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554197449.009633.2017.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7a3c4b374bf5e7aa990ac473acba7db1c941f876 (commit) from e686a2774e9b4846070503cb6ed2ec0f707627a7 (commit) - Log ----------------------------------------------------------------- commit 7a3c4b374bf5e7aa990ac473acba7db1c941f876 Author: Richard Levitte Date: Tue Apr 2 11:14:10 2019 +0200 crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8638) (cherry picked from commit cc8926ec8fcecae89ceab91ef753de93e49568f9) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb..581a2f1 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -11,6 +11,7 @@ #include #include "rand_lcl.h" #include "internal/rand_int.h" +#include "e_os.h" /* For a default _WIN32_WINNT */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS From builds at travis-ci.org Tue Apr 2 10:01:20 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 10:01:20 +0000 Subject: Still Failing: openssl/openssl#24452 (master - cc8926e) In-Reply-To: Message-ID: <5ca332f062c3_43ff0be5a3180128512@d1bb7ef0-7ffd-4e5c-a560-46bb9832f03c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24452 Status: Still Failing Duration: 22 mins and 3 secs Commit: cc8926e (master) Author: Richard Levitte Message: crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8638) View the changeset: https://github.com/openssl/openssl/compare/521b7cb38836...cc8926ec8fce View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514584567?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 2 10:13:34 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 10:13:34 +0000 Subject: Still Failing: openssl/openssl#24453 (OpenSSL_1_1_1-stable - 7a3c4b3) In-Reply-To: Message-ID: <5ca335cd95cd6_43fb529a15fa479778@1293b5b6-8d14-45de-9029-b85d4cf1d646.mail> Build Update for openssl/openssl ------------------------------------- Build: #24453 Status: Still Failing Duration: 23 mins and 37 secs Commit: 7a3c4b3 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8638) (cherry picked from commit cc8926ec8fcecae89ceab91ef753de93e49568f9) View the changeset: https://github.com/openssl/openssl/compare/e686a2774e9b...7a3c4b374bf5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514585232?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Tue Apr 2 12:29:31 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 02 Apr 2019 12:29:31 +0000 Subject: [openssl] master update Message-ID: <1554208171.126464.16389.nullmailer@dev.openssl.org> The branch master has been updated via 2621e6405d7f4765bc57c86ec441129e7d367f14 (commit) from cc8926ec8fcecae89ceab91ef753de93e49568f9 (commit) - Log ----------------------------------------------------------------- commit 2621e6405d7f4765bc57c86ec441129e7d367f14 Author: Dr. Matthias St. Pierre Date: Tue Apr 2 12:35:46 2019 +0200 rand_win.c: loosen version requirements for BCryptGenRandom BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8639) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 02d96a8..d5d5518 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -19,8 +19,8 @@ # endif # include -/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601 +/* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 # define USE_BCRYPTGENRANDOM # endif From matthias.st.pierre at ncp-e.com Tue Apr 2 12:30:06 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 02 Apr 2019 12:30:06 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554208206.196980.17205.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5a87dd1d34e6f7dd9c4cef45b88f12d84e050215 (commit) from 7a3c4b374bf5e7aa990ac473acba7db1c941f876 (commit) - Log ----------------------------------------------------------------- commit 5a87dd1d34e6f7dd9c4cef45b88f12d84e050215 Author: Dr. Matthias St. Pierre Date: Tue Apr 2 12:35:46 2019 +0200 rand_win.c: loosen version requirements for BCryptGenRandom BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8639) (cherry picked from commit 2621e6405d7f4765bc57c86ec441129e7d367f14) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 581a2f1..f21c894 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -19,8 +19,8 @@ # endif # include -/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601 +/* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 # define USE_BCRYPTGENRANDOM # endif From levitte at openssl.org Tue Apr 2 12:50:00 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Apr 2019 12:50:00 +0000 Subject: [openssl] master update Message-ID: <1554209400.209783.19464.nullmailer@dev.openssl.org> The branch master has been updated via 705a27f7e07c006b167b59070ff635a61f8e0407 (commit) from 2621e6405d7f4765bc57c86ec441129e7d367f14 (commit) - Log ----------------------------------------------------------------- commit 705a27f7e07c006b167b59070ff635a61f8e0407 Author: Richard Levitte Date: Tue Apr 2 14:40:11 2019 +0200 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8641) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d5d5518..17ab137 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -11,7 +11,6 @@ #include #include "rand_lcl.h" #include "internal/rand_int.h" -#include "e_os.h" /* For a default _WIN32_WINNT */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS From levitte at openssl.org Tue Apr 2 12:50:37 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Apr 2019 12:50:37 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554209437.088908.20370.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a88bafcdb7c24a14c277e47cdde014886a91d7cc (commit) from 5a87dd1d34e6f7dd9c4cef45b88f12d84e050215 (commit) - Log ----------------------------------------------------------------- commit a88bafcdb7c24a14c277e47cdde014886a91d7cc Author: Richard Levitte Date: Tue Apr 2 14:40:11 2019 +0200 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8641) (cherry picked from commit 705a27f7e07c006b167b59070ff635a61f8e0407) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index f21c894..b687081 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -11,7 +11,6 @@ #include #include "rand_lcl.h" #include "internal/rand_int.h" -#include "e_os.h" /* For a default _WIN32_WINNT */ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS From builds at travis-ci.org Tue Apr 2 12:53:09 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 12:53:09 +0000 Subject: Still Failing: openssl/openssl#24456 (master - 2621e64) In-Reply-To: Message-ID: <5ca35b351f288_43ff448963b0c2303ed@735d4bac-cbb1-47c3-97b8-0aed578d6719.mail> Build Update for openssl/openssl ------------------------------------- Build: #24456 Status: Still Failing Duration: 23 mins and 5 secs Commit: 2621e64 (master) Author: Dr. Matthias St. Pierre Message: rand_win.c: loosen version requirements for BCryptGenRandom BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8639) View the changeset: https://github.com/openssl/openssl/compare/cc8926ec8fce...2621e6405d7f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514655749?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 2 13:06:06 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 13:06:06 +0000 Subject: Still Failing: openssl/openssl#24457 (OpenSSL_1_1_1-stable - 5a87dd1) In-Reply-To: Message-ID: <5ca35e3e6c93e_43f9866d90dd019168@dcee8125-3236-499d-a5b7-04a1686a1d0a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24457 Status: Still Failing Duration: 20 mins and 9 secs Commit: 5a87dd1 (OpenSSL_1_1_1-stable) Author: Dr. Matthias St. Pierre Message: rand_win.c: loosen version requirements for BCryptGenRandom BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8639) (cherry picked from commit 2621e6405d7f4765bc57c86ec441129e7d367f14) View the changeset: https://github.com/openssl/openssl/compare/7a3c4b374bf5...5a87dd1d34e6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514655967?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 2 13:28:03 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 13:28:03 +0000 Subject: Still Failing: openssl/openssl#24459 (master - 705a27f) In-Reply-To: Message-ID: <5ca36362f178a_43fbc14d91de4179898@ddbb501b-306a-46b2-9907-ff12618c9b40.mail> Build Update for openssl/openssl ------------------------------------- Build: #24459 Status: Still Failing Duration: 25 mins and 24 secs Commit: 705a27f (master) Author: Richard Levitte Message: Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8641) View the changeset: https://github.com/openssl/openssl/compare/2621e6405d7f...705a27f7e07c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514664654?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 2 13:36:10 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Apr 2019 13:36:10 +0000 Subject: Still Failing: openssl/openssl#24460 (OpenSSL_1_1_1-stable - a88bafc) In-Reply-To: Message-ID: <5ca36549e271a_43fbf2737ce6022212b@9d86cc8f-643d-4aab-81fe-1031b608686a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24460 Status: Still Failing Duration: 28 mins and 33 secs Commit: a88bafc (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8641) (cherry picked from commit 705a27f7e07c006b167b59070ff635a61f8e0407) View the changeset: https://github.com/openssl/openssl/compare/5a87dd1d34e6...a88bafcdb7c2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/514664980?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 2 14:25:07 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Apr 2019 14:25:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1554215107.973051.11801.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: 0b45d8eec0 Restore the "heartbeats" configuration option among the deprecated 9058d9bcd0 add documentation 005080aa62 apps: print Kernel receive side TLS in s_client and s_server 2fab79af46 sslapitest: add test ktls Rx c35e921ffa ssl: Linux TLS Rx Offload e401ef801e bio: Linux TLS Rx Offload f851a68932 Linux ktls Rx infrastructure 31b6ed76df Rework DSO API conditions and configuration option 9c119bc6b5 Fixed typo in enc.c warning Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 245 wallclock secs ( 2.92 usr 0.42 sys + 217.88 cusr 13.30 csys = 234.52 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Apr 2 14:33:13 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Apr 2019 14:33:13 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1554215593.146100.8713.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: 0b45d8eec0 Restore the "heartbeats" configuration option among the deprecated 9058d9bcd0 add documentation 005080aa62 apps: print Kernel receive side TLS in s_client and s_server 2fab79af46 sslapitest: add test ktls Rx c35e921ffa ssl: Linux TLS Rx Offload e401ef801e bio: Linux TLS Rx Offload f851a68932 Linux ktls Rx infrastructure 31b6ed76df Rework DSO API conditions and configuration option 9c119bc6b5 Fixed typo in enc.c warning Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 256 wallclock secs ( 3.11 usr 0.36 sys + 231.72 cusr 13.28 csys = 248.47 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm3' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Apr 3 01:40:08 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Apr 2019 01:40:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1554255608.131381.23771.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 705a27f7e0 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2621e6405d rand_win.c: loosen version requirements for BCryptGenRandom cc8926ec8f crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT 521b7cb388 Correct the checks of module availability in provider test programs 34786bdee0 Configuration / build: make it possible to disable building of modules 22b414672d Build cleanup: don't use SHARED_SOURCE with modules Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1272, 138 wallclock secs ( 1.80 usr 0.34 sys + 120.52 cusr 10.54 csys = 133.20 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Wed Apr 3 06:04:17 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Apr 2019 06:04:17 +0000 Subject: [openssl] master update Message-ID: <1554271457.860176.20864.nullmailer@dev.openssl.org> The branch master has been updated via 5516c19b0314ef9416c5b02ae6347c4f52209e6a (commit) from 705a27f7e07c006b167b59070ff635a61f8e0407 (commit) - Log ----------------------------------------------------------------- commit 5516c19b0314ef9416c5b02ae6347c4f52209e6a Author: Pauli Date: Wed Apr 3 16:03:46 2019 +1000 AES-XTS block limit. Limit the number of AES blocks in a data unit to 2^20 or less. This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E. Note: that this is a change from IEEE Std 1619-2007 which only recommended this limit. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8627) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +++ crypto/err/openssl.txt | 2 ++ crypto/evp/e_aes.c | 13 ++++++++++++- crypto/evp/evp_err.c | 3 +++ crypto/modes/modes_lcl.h | 6 ++++++ include/openssl/evperr.h | 2 ++ 6 files changed, 28 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 28d732b..e70e42b 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Limit the number of blocks in a data unit for AES-XTS to 2^20 as + mandated by IEEE Std 1619-2018. + *) Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 27e1890..8808b25 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -756,6 +756,7 @@ EVP_F_AES_INIT_KEY:133:aes_init_key EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher +EVP_F_AES_XTS_CIPHER:229:aes_xts_cipher EVP_F_ALG_MODULE_INIT:177:alg_module_init EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl @@ -2413,6 +2414,7 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type EVP_R_UPDATE_ERROR:189:update error EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length +EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large KDF_R_INVALID_DIGEST:100:invalid digest KDF_R_INVALID_MAC_TYPE:116:invalid mac type KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 5b473bc..b628c05 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -3520,6 +3520,17 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; /* + * Impose a limit of 2^20 blocks per data unit as specifed by + * IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007 + * indicated that this was a SHOULD NOT rather than a MUST NOT. + * NIST SP 800-38E mandates the same limit. + */ + if (len > XTS_MAX_BLOCKS_PER_DATA_UNIT * AES_BLOCK_SIZE) { + EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE); + return 0; + } + + /* * Verify that the two keys are different. * * This addresses the vulnerability described in Rogaway's September 2004 diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 068120e..6e72b6b 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -21,6 +21,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, @@ -303,6 +304,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), + "xts data unit is too large"}, {0, NULL} }; diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index 0517808..aed79ff 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -133,6 +133,12 @@ struct gcm128_context { #endif }; +/* + * The maximum permitted number of cipher blocks per data unit in XTS mode. + * Reference IEEE Std 1619-2018. + */ +#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20) + struct xts128_context { void *key1, *key2; block128_f block1, block2; diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 598930a..d60402c 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -30,6 +30,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 # define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_CIPHER 229 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 @@ -225,5 +226,6 @@ int ERR_load_EVP_strings(void); # define EVP_R_UPDATE_ERROR 189 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 #endif From openssl at openssl.org Wed Apr 3 06:09:56 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Apr 2019 06:09:56 +0000 Subject: FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554271796.132113.23660.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 705a27f7e0 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2621e6405d rand_win.c: loosen version requirements for BCryptGenRandom cc8926ec8f crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT 521b7cb388 Correct the checks of module availability in provider test programs 34786bdee0 Configuration / build: make it possible to disable building of modules 22b414672d Build cleanup: don't use SHARED_SOURCE with modules Build log ended with (last 100 lines): ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/02-test_internal_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/04-test_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=168, Tests=1294, 266 wallclock secs ( 0.96 usr 0.36 sys + 238.25 cusr 12.30 csys = 251.87 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Wed Apr 3 06:22:59 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 06:22:59 +0000 Subject: Still Failing: openssl/openssl#24467 (master - 5516c19) In-Reply-To: Message-ID: <5ca451432366a_43fc4edbbdbf81354a1@61622a19-961f-4e90-8ebb-880d9b5d44c7.mail> Build Update for openssl/openssl ------------------------------------- Build: #24467 Status: Still Failing Duration: 17 mins and 58 secs Commit: 5516c19 (master) Author: Pauli Message: AES-XTS block limit. Limit the number of AES blocks in a data unit to 2^20 or less. This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E. Note: that this is a change from IEEE Std 1619-2007 which only recommended this limit. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8627) View the changeset: https://github.com/openssl/openssl/compare/705a27f7e07c...5516c19b0314 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515030005?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 3 08:44:37 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Apr 2019 08:44:37 +0000 Subject: Build failed: openssl master.23873 Message-ID: <20190403084437.1.162CC940BF2481CA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 3 09:12:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Apr 2019 09:12:34 +0000 Subject: Build completed: openssl master.23874 Message-ID: <20190403091234.1.7092DA7C973F0887@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 3 09:43:23 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Apr 2019 09:43:23 +0000 Subject: [openssl] master update Message-ID: <1554284603.852998.12784.nullmailer@dev.openssl.org> The branch master has been updated via b6670f690c4244e63dbc02a2ba25061f9c53945f (commit) via 6d872a838df78518508b5661d98da62a097317b1 (commit) via abbc2c408385326d9c9cd60b92a6c92b945c1d96 (commit) via ac1055ef13ccb5789e2bed7b9688c8eb16dd05ce (commit) from 5516c19b0314ef9416c5b02ae6347c4f52209e6a (commit) - Log ----------------------------------------------------------------- commit b6670f690c4244e63dbc02a2ba25061f9c53945f Author: Richard Levitte Date: Sat Mar 30 22:25:00 2019 +0100 Replumbing: add documentation for the provider configuration module Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8549) commit 6d872a838df78518508b5661d98da62a097317b1 Author: Richard Levitte Date: Sat Mar 30 22:10:39 2019 +0100 Add test for the provider configuration module We reuse test/provider_internal_test.c and test/p_test.c, and get it loaded one more time via the configuration file test/provider_internal_test.conf To support different platform standards regarding module extensions, we generate test/provider_internal_test.conf Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8549) commit abbc2c408385326d9c9cd60b92a6c92b945c1d96 Author: Richard Levitte Date: Wed Mar 20 16:53:19 2019 +0100 Replumbing: add a configuration module for providers This configuration module supports a configuration structure pretty much like the engine configuration module, i.e. something like this: openssl_conf = openssl_init [openssl_init] providers = provider_section [provider_section] # Configure the provider named "foo" foo = foo_section # Configure the provider named "bar" bar = bar_section [foo_section] # Override name given in the provider section identity = myfoo # The exact path of the module. This is platform specific module_path = /opt/openssl/modules/foo.so # Whether it should be automatically activated. Value is unimportant activate = whatever # Anything else goes as well, and becomes parameters that the # provider can get what = 1 # sub-sections will be followed as well ever = ever_section [ever_section] cookie = monster All the configurations in a provider section and its sub-sections become parameters for the provider to get, i.e. the "foo" provider will be able to get values for the following keys (with associated values shown): identity => myfoo module_path => /opt/openssl/modules/foo.so activate => whatever what => 1 ever.cookie => monster Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8549) commit ac1055ef13ccb5789e2bed7b9688c8eb16dd05ce Author: Richard Levitte Date: Thu Mar 21 08:44:06 2019 +0100 Replumbing: add functionality to set provider parameters Provider parameters are parameters set by the core that the provider can retrieve. The primary use it to support making OpenSSL configuration data available to the provider. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8549) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 + crypto/build.info | 3 +- crypto/conf/conf_mall.c | 2 + crypto/cpt_err.c | 10 ++ crypto/err/openssl.txt | 5 + crypto/provider_conf.c | 179 +++++++++++++++++++++++++++++++ crypto/provider_core.c | 102 ++++++++++++++---- doc/man5/config.pod | 61 +++++++++++ include/internal/provider.h | 7 +- include/openssl/cryptoerr.h | 5 + test/build.info | 2 + test/p_test.c | 20 +++- test/provider_internal_test.c | 43 +++++--- test/provider_internal_test.conf.in | 13 +++ test/recipes/02-test_internal_provider.t | 5 +- 15 files changed, 418 insertions(+), 41 deletions(-) create mode 100644 crypto/provider_conf.c create mode 100644 test/provider_internal_test.conf.in diff --git a/.gitignore b/.gitignore index 61c68f4..b32122c 100644 --- a/.gitignore +++ b/.gitignore @@ -60,6 +60,8 @@ Makefile /test/versions /test/ossl_shim/ossl_shim /test/rsa_complex +# Other generated files in test/ +/test/provider_internal_test.conf # Certain files that get created by tests on the fly /test/test-runs diff --git a/crypto/build.info b/crypto/build.info index 535fa35..a6f3524 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -9,7 +9,8 @@ SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 x509v3 conf \ LIBS=../libcrypto # The Core -SOURCE[../libcrypto]=provider_core.c provider_predefined.c core_fetch.c +SOURCE[../libcrypto]=provider_core.c provider_predefined.c provider_conf.c \ + core_fetch.c # Central utilities SOURCE[../libcrypto]=\ diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index e1d0e7a..28003a8 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -14,6 +14,7 @@ #include #include #include +#include "internal/provider.h" #include "conf_lcl.h" /* Load all OpenSSL builtin modules */ @@ -28,4 +29,5 @@ void OPENSSL_load_builtin_modules(void) #endif EVP_add_alg_module(); conf_add_ssl_module(); + ossl_provider_add_conf_module(); } diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 3c3265d..8c38692 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -50,8 +50,12 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = { "OSSL_PROVIDER_add_builtin"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0), "ossl_provider_activate"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER, 0), + "ossl_provider_add_parameter"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0), "ossl_provider_new"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH, 0), + "ossl_provider_set_module_path"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0), "pkey_poly1305_init"}, @@ -59,6 +63,10 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = { "pkey_siphash_init"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_ACTIVATE, 0), "provider_activate"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_CONF_INIT, 0), + "provider_conf_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_CONF_LOAD, 0), + "provider_conf_load"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_NEW, 0), "provider_new"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PROVIDER_STORE_NEW, 0), "provider_store_new"}, @@ -75,6 +83,8 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = { "odd number of digits"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_ALREADY_EXISTS), "provider already exists"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_SECTION_ERROR), + "provider section error"}, {0, NULL} }; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8808b25..fbf35d1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -392,11 +392,15 @@ CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin +CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER:139:ossl_provider_add_parameter CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new +CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH:140:ossl_provider_set_module_path CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init CRYPTO_F_PROVIDER_ACTIVATE:134:provider_activate +CRYPTO_F_PROVIDER_CONF_INIT:137:provider_conf_init +CRYPTO_F_PROVIDER_CONF_LOAD:138:provider_conf_load CRYPTO_F_PROVIDER_NEW:135:provider_new CRYPTO_F_PROVIDER_STORE_NEW:136:provider_store_new CRYPTO_F_SK_RESERVE:129:sk_reserve @@ -2160,6 +2164,7 @@ CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits CRYPTO_R_PROVIDER_ALREADY_EXISTS:104:provider already exists +CRYPTO_R_PROVIDER_SECTION_ERROR:105:provider section error CT_R_BASE64_DECODE_ERROR:108:base64 decode error CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length CT_R_LOG_CONF_INVALID:109:log conf invalid diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c new file mode 100644 index 0000000..9d9b7a1 --- /dev/null +++ b/crypto/provider_conf.c @@ -0,0 +1,179 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider.h" + +/* PROVIDER config module */ + +DEFINE_STACK_OF(OSSL_PROVIDER) +static STACK_OF(OSSL_PROVIDER) *activated_providers = NULL; + +static const char *skip_dot(const char *name) +{ + const char *p = strchr(name, '.'); + + if (p != NULL) + return p + 1; + return name; +} + +static int provider_conf_params(OSSL_PROVIDER *prov, + const char *name, const char *value, + const CONF *cnf) +{ + STACK_OF(CONF_VALUE) *sect; + int ok = 1; + + OSSL_TRACE2(PROVIDER_CONF, "PROVIDER conf: %s = %s\n", name, value); + + sect = NCONF_get_section(cnf, value); + if (sect != NULL) { + int i; + char buffer[512]; + size_t buffer_len = 0; + + if (name != NULL) { + OPENSSL_strlcpy(buffer, name, sizeof(buffer)); + OPENSSL_strlcat(buffer, ".", sizeof(buffer)); + buffer_len = strlen(buffer); + } + + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i); + + if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) + return 0; + buffer[buffer_len] = '\0'; + OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); + if (!provider_conf_params(prov, buffer, sectconf->value, cnf)) + return 0; + } + } else { + ok = ossl_provider_add_parameter(prov, name, value); + } + + return ok; +} + +static int provider_conf_load(OPENSSL_CTX *libctx, const char *name, + const char *value, const CONF *cnf) +{ + int i; + STACK_OF(CONF_VALUE) *ecmds; + int soft = 0; + OSSL_PROVIDER *prov = NULL; + const char *path = NULL; + long activate = 0; + int ok = 0; + + name = skip_dot(name); + OSSL_TRACE1(PROVIDER_CONF, "Configuring provider %s\n", name); + /* Value is a section containing PROVIDER commands */ + ecmds = NCONF_get_section(cnf, value); + + if (!ecmds) { + CRYPTOerr(CRYPTO_F_PROVIDER_CONF_LOAD, CRYPTO_R_PROVIDER_SECTION_ERROR); + return 0; + } + + /* Find the needed data first */ + for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { + CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); + const char *confname = skip_dot(ecmd->name); + const char *confvalue = ecmd->value; + + OSSL_TRACE2(PROVIDER_CONF, "PROVIDER conf: %s = %s\n", + confname, confvalue); + + /* First handle some special pseudo confs */ + + /* Override provider name to use */ + if (strcmp(confname, "identity") == 0) + name = confvalue; + else if (strcmp(confname, "soft_load") == 0) + soft = 1; + /* Load a dynamic PROVIDER */ + else if (strcmp(confname, "module") == 0) + path = confvalue; + else if (strcmp(confname, "activate") == 0) + activate = 1; + } + + prov = ossl_provider_new(libctx, name, NULL); + if (prov == NULL) { + if (soft) + ERR_clear_error(); + return 0; + } + + if (path != NULL) + ossl_provider_set_module_path(prov, path); + + ok = provider_conf_params(prov, NULL, value, cnf); + + if (ok && activate) { + if (!ossl_provider_activate(prov)) { + ok = 0; + } else { + if (activated_providers == NULL) + activated_providers = sk_OSSL_PROVIDER_new_null(); + sk_OSSL_PROVIDER_push(activated_providers, prov); + ok = 1; + } + } + + if (!(activate && ok)) + ossl_provider_free(prov); + + return ok; +} + +static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) +{ + STACK_OF(CONF_VALUE) *elist; + CONF_VALUE *cval; + int i; + + OSSL_TRACE2(PROVIDER_CONF, "Loading provider module: name %s, value %s\n", + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + /* Value is a section containing PROVIDERs to configure */ + elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); + + if (!elist) { + CRYPTOerr(CRYPTO_F_PROVIDER_CONF_INIT, + CRYPTO_R_PROVIDER_SECTION_ERROR); + return 0; + } + + for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { + cval = sk_CONF_VALUE_value(elist, i); + if (!provider_conf_load(NULL, cval->name, cval->value, cnf)) + return 0; + } + + return 1; +} + + +static void provider_conf_deinit(CONF_IMODULE *md) +{ + sk_OSSL_PROVIDER_pop_free(activated_providers, ossl_provider_free); + activated_providers = NULL; + OSSL_TRACE(PROVIDER_CONF, "Cleaned up providers\n"); +} + +void ossl_provider_add_conf_module(void) +{ + CONF_module_add("providers", provider_conf_init, provider_conf_deinit); +} diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 7a184a7..9f4c017 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -9,6 +9,7 @@ #include #include +#include #include #include "internal/cryptlib.h" #include "internal/nelem.h" @@ -25,6 +26,12 @@ static OSSL_PROVIDER *provider_new(const char *name, * ========================= */ +typedef struct { + char *name; + char *value; +} INFOPAIR; +DEFINE_STACK_OF(INFOPAIR) + struct provider_store_st; /* Forward declaration */ struct ossl_provider_st { @@ -36,8 +43,10 @@ struct ossl_provider_st { CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */ char *name; + char *path; DSO *module; OSSL_provider_init_fn *init_function; + STACK_OF(INFOPAIR) *parameters; struct provider_store_st *store; /* The store this instance belongs to */ /* Provider side functions */ @@ -243,6 +252,13 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, return prov; } +static void free_infopair(INFOPAIR *pair) +{ + OPENSSL_free(pair->name); + OPENSSL_free(pair->value); + OPENSSL_free(pair); +} + void ossl_provider_free(OSSL_PROVIDER *prov) { if (prov != NULL) { @@ -270,6 +286,8 @@ void ossl_provider_free(OSSL_PROVIDER *prov) if (ref == 0) { DSO_free(prov->module); OPENSSL_free(prov->name); + OPENSSL_free(prov->path); + sk_INFOPAIR_pop_free(prov->parameters, free_infopair); #ifndef HAVE_ATOMICS CRYPTO_THREAD_lock_free(prov->refcnt_lock); #endif @@ -278,6 +296,40 @@ void ossl_provider_free(OSSL_PROVIDER *prov) } } +/* Setters */ +int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path) +{ + OPENSSL_free(prov->path); + if (module_path == NULL) + return 1; + if ((prov->path = OPENSSL_strdup(module_path)) != NULL) + return 1; + CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH, ERR_R_MALLOC_FAILURE); + return 0; +} + +int ossl_provider_add_parameter(OSSL_PROVIDER *prov, + const char *name, const char *value) +{ + INFOPAIR *pair = NULL; + + if ((pair = OPENSSL_zalloc(sizeof(*pair))) != NULL + && (prov->parameters != NULL + || (prov->parameters = sk_INFOPAIR_new_null()) != NULL) + && (pair->name = OPENSSL_strdup(name)) != NULL + && (pair->value = OPENSSL_strdup(value)) != NULL + && sk_INFOPAIR_push(prov->parameters, pair) > 0) + return 1; + + if (pair != NULL) { + OPENSSL_free(pair->name); + OPENSSL_free(pair->value); + OPENSSL_free(pair); + } + CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER, ERR_R_MALLOC_FAILURE); + return 0; +} + /* * Provider activation. * @@ -310,8 +362,9 @@ static int provider_activate(OSSL_PROVIDER *prov) */ if (prov->init_function == NULL) { if (prov->module == NULL) { - char *platform_module_name = NULL; - char *module_path = NULL; + char *allocated_path = NULL; + const char *module_path = NULL; + char *merged_path = NULL; const char *load_dir = ossl_safe_getenv("OPENSSL_MODULES"); if ((prov->module = DSO_new()) == NULL) { @@ -324,19 +377,22 @@ static int provider_activate(OSSL_PROVIDER *prov) DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS, DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); - if ((platform_module_name = - DSO_convert_filename(prov->module, prov->name)) == NULL - || (module_path = - DSO_merge(prov->module, platform_module_name, - load_dir)) == NULL - || DSO_load(prov->module, module_path, NULL, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == NULL) { + + module_path = prov->path; + if (module_path == NULL) + module_path = allocated_path = + DSO_convert_filename(prov->module, prov->name); + if (module_path != NULL) + merged_path = DSO_merge(prov->module, module_path, load_dir); + + if (merged_path == NULL + || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) { DSO_free(prov->module); prov->module = NULL; } - OPENSSL_free(platform_module_name); - OPENSSL_free(module_path); + OPENSSL_free(merged_path); + OPENSSL_free(allocated_path); } if (prov->module != NULL) @@ -565,17 +621,21 @@ static const OSSL_ITEM *core_get_param_types(const OSSL_PROVIDER *prov) static int core_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[]) { int i; + const OSSL_PARAM *p; - for (i = 0; params[i].key != NULL; i++) { - if (strcmp(params[i].key, "openssl-version") == 0) { - *(void **)params[i].data = OPENSSL_VERSION_STR; - if (params[i].return_size) - *params[i].return_size = sizeof(OPENSSL_VERSION_STR); - } else if (strcmp(params[i].key, "provider-name") == 0) { - *(void **)params[i].data = prov->name; - if (params[i].return_size) - *params[i].return_size = strlen(prov->name) + 1; - } + if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL) + OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR); + if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL) + OSSL_PARAM_set_utf8_ptr(p, prov->name); + + if (prov->parameters == NULL) + return 1; + + for (i = 0; i < sk_INFOPAIR_num(prov->parameters); i++) { + INFOPAIR *pair = sk_INFOPAIR_value(prov->parameters, i); + + if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL) + OSSL_PARAM_set_utf8_ptr(p, pair->value); } return 1; diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 3d0842c..985b07f 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -106,6 +106,7 @@ section containing configuration module specific information. E.g.: oid_section = new_oids engines = engine_section + providers = provider_section [new_oids] @@ -115,6 +116,10 @@ section containing configuration module specific information. E.g.: ... engine stuff here ... + [provider_section] + + ... provider stuff here ... + The features of each configuration module are described below. =head2 ASN1 Object Configuration Module @@ -216,6 +221,57 @@ For example: # Supply all default algorithms default_algorithms = ALL +=head2 Provider Configuration Module + +This provider configuration module has the name B. The +value of this variable points to a section containing further provider +configuration information. + +The section pointed to by B is a table of provider names +(though see B below) and further sections containing +configuration information specific to each provider module. + +Each provider specific section is used to load its module, perform +activation and set parameters to pass to the provider on demand. The +actual operation performed depends on the name of the name value pair. +The currently supported commands are listed below. + +For example: + + [provider_section] + + # Configure provider named "foo" + foo = foo_section + # Configure provider named "bar" + bar = bar_section + + [foo_section] + ... "foo" provider specific parameters ... + + [bar_section] + ... "bar" provider specific parameters ... + +The command B is used to give the provider name. For example: + + [provider_section] + # This would normally handle a provider named "foo" + foo = foo_section + + [foo_section] + # Override default name and use "myfoo" instead. + identity = myfoo + +The parameter B loads and adds a provider module from the +given module path. That path may be a simple file name, a relative +path or an absolute path. + +The parameter B determines whether to activate the +provider. The value has no importance, the presence of the parameter +is enough for activation to take place. + +All parameters in the section as well as sub-sections are made +available to the provider. + =head2 EVP Configuration Module This modules has the name B which points to a section containing @@ -405,6 +461,11 @@ Ignored in set-user-ID and set-group-ID programs. The path to the engines directory. Ignored in set-user-ID and set-group-ID programs. +=item B + +The path to the directory with OpenSSL modules, such as providers. +Ignored in set-user-ID and set-group-ID programs. + =back =head1 BUGS diff --git a/include/internal/provider.h b/include/internal/provider.h index 8af20a7..4966cc2 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -33,8 +33,10 @@ int ossl_provider_upref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); /* Setters */ -int ossl_provider_add_module_location(OSSL_PROVIDER *prov, const char *loc); int ossl_provider_set_fallback(OSSL_PROVIDER *prov); +int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path); +int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, + const char *value); /* * Activate the Provider @@ -64,6 +66,9 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); +/* Configuration */ +void ossl_provider_add_conf_module(void); + # ifdef __cplusplus } # endif diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index b38b272..ff5767a 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -45,11 +45,15 @@ int ERR_load_CRYPTO_strings(void); # define CRYPTO_F_OPENSSL_SK_DUP 128 # define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 132 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 130 +# define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 139 # define CRYPTO_F_OSSL_PROVIDER_NEW 131 +# define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 140 # define CRYPTO_F_PKEY_HMAC_INIT 123 # define CRYPTO_F_PKEY_POLY1305_INIT 124 # define CRYPTO_F_PKEY_SIPHASH_INIT 125 # define CRYPTO_F_PROVIDER_ACTIVATE 134 +# define CRYPTO_F_PROVIDER_CONF_INIT 137 +# define CRYPTO_F_PROVIDER_CONF_LOAD 138 # define CRYPTO_F_PROVIDER_NEW 135 # define CRYPTO_F_PROVIDER_STORE_NEW 136 # define CRYPTO_F_SK_RESERVE 129 @@ -61,5 +65,6 @@ int ERR_load_CRYPTO_strings(void); # define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 # define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 # define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 +# define CRYPTO_R_PROVIDER_SECTION_ERROR 105 #endif diff --git a/test/build.info b/test/build.info index 973536d..25abb06 100644 --- a/test/build.info +++ b/test/build.info @@ -616,6 +616,8 @@ IF[{- !$disabled{tests} -}] DEFINE[provider_test]=OPENSSL_NO_MODULE DEFINE[provider_internal_test]=OPENSSL_NO_MODULE ENDIF + DEPEND[]=provider_internal_test.conf + GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in PROGRAMS{noinst}=params_test SOURCE[params_test]=params_test.c diff --git a/test/p_test.c b/test/p_test.c index 9e1ba8e..bf13a0a 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -52,21 +52,33 @@ static int p_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) if (strcmp(p->key, "greeting") == 0) { static char *opensslv = NULL; static char *provname = NULL; + static char *greeting = NULL; static OSSL_PARAM counter_request[] = { + /* Known libcrypto provided parameters */ { "openssl-version", OSSL_PARAM_UTF8_PTR, &opensslv, sizeof(&opensslv), NULL }, { "provider-name", OSSL_PARAM_UTF8_PTR, &provname, sizeof(&provname), NULL}, + + /* This might be present, if there's such a configuration */ + { "greeting", OSSL_PARAM_UTF8_PTR, + &greeting, sizeof(&greeting), NULL }, + { NULL, 0, NULL, 0, NULL } }; char buf[256]; size_t buf_l; if (c_get_params(prov, counter_request)) { - const char *versionp = *(void **)counter_request[0].data; - const char *namep = *(void **)counter_request[1].data; - sprintf(buf, "Hello OpenSSL %.20s, greetings from %s!", - versionp, namep); + if (greeting) { + strcpy(buf, greeting); + } else { + const char *versionp = *(void **)counter_request[0].data; + const char *namep = *(void **)counter_request[1].data; + + sprintf(buf, "Hello OpenSSL %.20s, greetings from %s!", + versionp, namep); + } } else { sprintf(buf, "Howdy stranger..."); } diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index cbb85c3..54e6714 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -8,6 +8,7 @@ */ #include +#include #include "internal/provider.h" #include "testutil.h" @@ -20,20 +21,11 @@ static OSSL_PARAM greeting_request[] = { { NULL, 0, NULL, 0, NULL } }; -static int test_provider(OSSL_PROVIDER *prov) +static int test_provider(OSSL_PROVIDER *prov, const char *expected_greeting) { - const char *name = NULL; const char *greeting = NULL; - char expected_greeting[256]; int ret = 0; - if (!TEST_ptr(name = ossl_provider_name(prov))) - return 0; - - BIO_snprintf(expected_greeting, sizeof(expected_greeting), - "Hello OpenSSL %.20s, greetings from %s!", - OPENSSL_VERSION_STR, name); - ret = TEST_true(ossl_provider_activate(prov)) && TEST_true(ossl_provider_get_params(prov, greeting_request)) @@ -41,10 +33,22 @@ static int test_provider(OSSL_PROVIDER *prov) && TEST_size_t_gt(greeting_request[0].data_size, 0) && TEST_str_eq(greeting, expected_greeting); + TEST_info("Got this greeting: %s\n", greeting); ossl_provider_free(prov); return ret; } +static const char *expected_greeting1(const char *name) +{ + static char expected_greeting[256] = ""; + + snprintf(expected_greeting, sizeof(expected_greeting), + "Hello OpenSSL %.20s, greetings from %s!", + OPENSSL_VERSION_STR, name); + + return expected_greeting; +} + static int test_builtin_provider(void) { const char *name = "p_test_builtin"; @@ -53,7 +57,7 @@ static int test_builtin_provider(void) return TEST_ptr(prov = ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME)) - && test_provider(prov); + && test_provider(prov, expected_greeting1(name)); } #ifndef OPENSSL_NO_MODULE @@ -64,7 +68,21 @@ static int test_loaded_provider(void) return TEST_ptr(prov = ossl_provider_new(NULL, name, NULL)) - && test_provider(prov); + && test_provider(prov, expected_greeting1(name)); +} + +static int test_configured_provider(void) +{ + const char *name = "p_test_configured"; + OSSL_PROVIDER *prov = NULL; + /* This MUST match the config file */ + const char *expected_greeting = + "Hello OpenSSL, greetings from Test Provider"; + + return + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL) + && TEST_ptr(prov = ossl_provider_find(NULL, name)) + && test_provider(prov, expected_greeting); } #endif @@ -73,6 +91,7 @@ int setup_tests(void) ADD_TEST(test_builtin_provider); #ifndef OPENSSL_NO_MODULE ADD_TEST(test_loaded_provider); + ADD_TEST(test_configured_provider); #endif return 1; } diff --git a/test/provider_internal_test.conf.in b/test/provider_internal_test.conf.in new file mode 100644 index 0000000..12c2924 --- /dev/null +++ b/test/provider_internal_test.conf.in @@ -0,0 +1,13 @@ +{- use platform -} +openssl_conf = openssl_init + +[openssl_init] +providers = providers + +[providers] +p_test_configured = p_test_configured + +[p_test_configured] +module = {- platform->dso('p_test') -} +activate = 1 +greeting = Hello OpenSSL, greetings from Test Provider diff --git a/test/recipes/02-test_internal_provider.t b/test/recipes/02-test_internal_provider.t index 8275eb2..615d17a 100644 --- a/test/recipes/02-test_internal_provider.t +++ b/test/recipes/02-test_internal_provider.t @@ -7,12 +7,13 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw(:DEFAULT bldtop_dir); +use OpenSSL::Test qw(:DEFAULT bldtop_dir bldtop_file); use OpenSSL::Test::Simple; use OpenSSL::Test::Utils; setup("test_internal_provider"); -$ENV{"OPENSSL_MODULES"} = bldtop_dir("test"); +$ENV{OPENSSL_MODULES} = bldtop_dir("test"); +$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf"); simple_test("test_internal_provider", "provider_internal_test"); From builds at travis-ci.org Wed Apr 3 10:03:20 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 10:03:20 +0000 Subject: Still Failing: openssl/openssl#24473 (master - b6670f6) In-Reply-To: Message-ID: <5ca484e7d20d9_43fd15353550c1441a2@a3c04252-a7fc-48e5-b37a-30e7e9e2335a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24473 Status: Still Failing Duration: 19 mins and 17 secs Commit: b6670f6 (master) Author: Richard Levitte Message: Replumbing: add documentation for the provider configuration module Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8549) View the changeset: https://github.com/openssl/openssl/compare/5516c19b0314...b6670f690c42 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515106097?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 3 10:59:19 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Apr 2019 10:59:19 +0000 Subject: Build failed: openssl master.23877 Message-ID: <20190403105919.1.EBCF028648437C1A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 3 11:25:38 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Apr 2019 11:25:38 +0000 Subject: Build completed: openssl master.23878 Message-ID: <20190403112538.1.747F214CFE162B49@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 3 13:47:52 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Apr 2019 13:47:52 +0000 Subject: [openssl] master update Message-ID: <1554299272.977264.12413.nullmailer@dev.openssl.org> The branch master has been updated via e4e91084d6b7acbe55139141f553b361871ec768 (commit) from b6670f690c4244e63dbc02a2ba25061f9c53945f (commit) - Log ----------------------------------------------------------------- commit e4e91084d6b7acbe55139141f553b361871ec768 Author: Richard Levitte Date: Wed Apr 3 15:44:17 2019 +0200 replaced snprintf with BIO version (for windows builds) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8651) ----------------------------------------------------------------------- Summary of changes: test/provider_internal_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 54e6714..f3006fe 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -42,9 +42,9 @@ static const char *expected_greeting1(const char *name) { static char expected_greeting[256] = ""; - snprintf(expected_greeting, sizeof(expected_greeting), - "Hello OpenSSL %.20s, greetings from %s!", - OPENSSL_VERSION_STR, name); + BIO_snprintf(expected_greeting, sizeof(expected_greeting), + "Hello OpenSSL %.20s, greetings from %s!", + OPENSSL_VERSION_STR, name); return expected_greeting; } From builds at travis-ci.org Wed Apr 3 14:08:55 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 14:08:55 +0000 Subject: Still Failing: openssl/openssl#24478 (master - e4e9108) In-Reply-To: Message-ID: <5ca4be774ab68_43fcfbdd1f3908355b@afe71415-fe2b-45e4-9aaf-c518c2420c3f.mail> Build Update for openssl/openssl ------------------------------------- Build: #24478 Status: Still Failing Duration: 20 mins and 28 secs Commit: e4e9108 (master) Author: Richard Levitte Message: replaced snprintf with BIO version (for windows builds) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8651) View the changeset: https://github.com/openssl/openssl/compare/b6670f690c42...e4e91084d6b7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515210579?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 3 14:25:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Apr 2019 14:25:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1554301505.964224.30221.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: 705a27f7e0 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2621e6405d rand_win.c: loosen version requirements for BCryptGenRandom cc8926ec8f crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT 521b7cb388 Correct the checks of module availability in provider test programs 34786bdee0 Configuration / build: make it possible to disable building of modules 22b414672d Build cleanup: don't use SHARED_SOURCE with modules Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 245 wallclock secs ( 2.83 usr 0.48 sys + 220.60 cusr 13.24 csys = 237.15 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Apr 3 14:32:33 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Apr 2019 14:32:33 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1554301953.809001.27205.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: 705a27f7e0 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2621e6405d rand_win.c: loosen version requirements for BCryptGenRandom cc8926ec8f crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT 521b7cb388 Correct the checks of module availability in provider test programs 34786bdee0 Configuration / build: make it possible to disable building of modules 22b414672d Build cleanup: don't use SHARED_SOURCE with modules Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 253 wallclock secs ( 2.94 usr 0.35 sys + 227.68 cusr 12.86 csys = 243.83 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm3' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Wed Apr 3 14:49:09 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 03 Apr 2019 14:49:09 +0000 Subject: [openssl] master update Message-ID: <1554302949.402428.19757.nullmailer@dev.openssl.org> The branch master has been updated via 5a2bd6bc66a902ed7aa681e93f0e339c0441e228 (commit) via b7c913c820a80f8534ead1dc49b569280fcb1f9a (commit) from e4e91084d6b7acbe55139141f553b361871ec768 (commit) - Log ----------------------------------------------------------------- commit 5a2bd6bc66a902ed7aa681e93f0e339c0441e228 Author: Matt Caswell Date: Fri Mar 29 16:29:54 2019 +0000 Add an EVP_MD_CTX_md() test Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8614) commit b7c913c820a80f8534ead1dc49b569280fcb1f9a Author: Matt Caswell Date: Fri Mar 29 16:28:07 2019 +0000 Ensure EVP_MD_CTX_md returns the EVP_MD originally used Fixes #8613 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8614) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 4 ++++ crypto/evp/evp_lib.c | 4 ++-- crypto/evp/evp_locl.h | 1 + doc/man3/EVP_DigestInit.pod | 7 ++++++- doc/man3/EVP_MD_fetch.pod | 22 +++++++++++++++++----- test/evp_extra_test.c | 3 ++- 6 files changed, 32 insertions(+), 9 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 7b49725..89f8e54 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -83,6 +83,7 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) EVP_MD_meth_free(ctx->fetched_digest); ctx->fetched_digest = NULL; ctx->digest = NULL; + ctx->reqdigest = NULL; OPENSSL_free(ctx); return; @@ -106,6 +107,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + if (type != NULL) + ctx->reqdigest = type; + /* TODO(3.0): Legacy work around code below. Remove this */ #ifndef OPENSSL_NO_ENGINE /* diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 219ae53..f99e905 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -479,9 +479,9 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { - if (!ctx) + if (ctx == NULL) return NULL; - return ctx->digest; + return ctx->reqdigest; } EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 936824a..2453eff 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -10,6 +10,7 @@ /* EVP_MD_CTX related stuff */ struct evp_md_ctx_st { + const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; ENGINE *engine; /* functional reference if 'digest' is * ENGINE-provided */ diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 37cdb27..4f5e38c 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -182,7 +182,12 @@ EVP_MD_meth_set_app_datasize(). =item EVP_MD_CTX_md() -Returns the B structure corresponding to the passed B. +Returns the B structure corresponding to the passed B. This +will be the same B object originally passed to EVP_DigestInit_ex() (or +other similar function) when the EVP_MD_CTX was first initialised. Note that +where explicit fetch is in use (see L) the value returned from +this function will not have its reference count incremented and therefore it +should not be used after the EVP_MD_CTX is freed. =item EVP_MD_CTX_set_update_fn() diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod index 1748108..9653604 100644 --- a/doc/man3/EVP_MD_fetch.pod +++ b/doc/man3/EVP_MD_fetch.pod @@ -21,13 +21,13 @@ calculate the digest of input data using functions such as L, L and L. Digest implementations may be obtained in one of three ways, i.e. implicit -lookup, explicit lookup or user defined. +fetch, explicit fetch or user defined. =over 4 -=item Implicit Lookup +=item Implicit Fetch -With implicit lookup an application can use functions such as L, +With implicit fetch an application can use functions such as L, L or L to obtain an B object. When used in a function like L the actual implementation to be used will be fetched implicitly using default search criteria. Typically, @@ -35,9 +35,9 @@ be used will be fetched implicitly using default search criteria. Typically, have been loaded), this will return an implementation of the appropriate algorithm from the default provider. -=item Explicit Lookup +=item Explicit Fetch -With explicit lookup an application uses the EVP_MD_fetch() function to obtain +With explicit fetch an application uses the EVP_MD_fetch() function to obtain an algorithm implementation. An implementation with the given name and satisfying the search criteria specified in the B parameter will be looked for within the available providers and returned. See L @@ -83,6 +83,18 @@ The return value from a call to EVP_MD_fetch() must be freed by the caller using L. Note that EVP_MD objects are reference counted. See L. +=head1 NOTES + +Where an application that previously used implicit fetch is converted to use +explicit fetch care should be taken with the L function. +Specifically, this function returns the EVP_MD object orginally passed to +EVP_DigestInit_ex() (or other similar function). With implicit fetch the +returned EVP_MD object is guaranteed to be available throughout the application +lifetime. However, with explicit fetch EVP_MD objects are reference counted. +EVP_MD_CTX_md does not increment the reference count and so the returned EVP_MD +object may not be accessible beyond the lifetime of the EVP_MD_CTX it is +associated with. + =head1 RETURN VALUES EVP_MD_fetch() returns a pointer to the algorithm implementation represented by diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f07ae94..f763bb5 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1083,7 +1083,8 @@ static int calculate_digest(const EVP_MD *md, const char *msg, size_t len, || !TEST_true(EVP_DigestUpdate(ctx, msg, len)) || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL)) || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd, - SHA256_DIGEST_LENGTH)) + SHA256_DIGEST_LENGTH) + || !TEST_true(md == EVP_MD_CTX_md(ctx))) goto err; ret = 1; From matt at openssl.org Wed Apr 3 14:54:26 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 03 Apr 2019 14:54:26 +0000 Subject: [openssl] master update Message-ID: <1554303266.208837.12314.nullmailer@dev.openssl.org> The branch master has been updated via 64f4fff7967057ba2b963bd0a6ad5cdc64f27417 (commit) via 7556b9df597ce43c1c31b294512d5146560f37c6 (commit) from 5a2bd6bc66a902ed7aa681e93f0e339c0441e228 (commit) - Log ----------------------------------------------------------------- commit 64f4fff7967057ba2b963bd0a6ad5cdc64f27417 Author: Matt Caswell Date: Fri Mar 29 15:38:10 2019 +0000 Add a test for EVP_MD_block_size() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8604) commit 7556b9df597ce43c1c31b294512d5146560f37c6 Author: Matt Caswell Date: Thu Mar 28 17:22:20 2019 +0000 Support EVP_MD_block_size() with providers Fixes #8565 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8604) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/digest.c | 5 +++++ crypto/evp/evp_err.c | 1 + crypto/evp/evp_lib.c | 8 ++++++++ crypto/include/internal/evp_int.h | 1 + include/openssl/core_numbers.h | 2 ++ include/openssl/evperr.h | 1 + providers/common/digests/sha2.c | 6 ++++++ test/evp_extra_test.c | 13 ++++++++++--- 9 files changed, 35 insertions(+), 3 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index fbf35d1..f15fc9c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -800,6 +800,7 @@ EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init +EVP_F_EVP_MD_BLOCK_SIZE:229:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex EVP_F_EVP_MD_SIZE:162:EVP_MD_size EVP_F_EVP_OPENINIT:102:EVP_OpenInit diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 89f8e54..b93a014 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -549,6 +549,11 @@ static void *evp_md_from_dispatch(int mdtype, const OSSL_DISPATCH *fns, break; md->size = OSSL_get_OP_digest_size(fns); break; + case OSSL_FUNC_DIGEST_BLOCK_SIZE: + if (md->dblock_size != NULL) + break; + md->dblock_size = OSSL_get_OP_digest_block_size(fns); + break; } } if ((fncnt != 0 && fncnt != 5) diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 6e72b6b..a3e01fd 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -71,6 +71,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_COPY, 0), "EVP_MAC_CTX_copy"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_NEW, 0), "EVP_MAC_CTX_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_INIT, 0), "EVP_MAC_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_BLOCK_SIZE, 0), "EVP_MD_block_size"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index f99e905..914a19c 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -298,6 +298,14 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) int EVP_MD_block_size(const EVP_MD *md) { + if (md == NULL) { + EVPerr(EVP_F_EVP_MD_BLOCK_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } + + if (md->prov != NULL && md->dblock_size != NULL) + return (int)md->dblock_size(); + return md->block_size; } diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index ab8ce00..c932898 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -204,6 +204,7 @@ struct evp_md_st { OSSL_OP_digest_freectx_fn *freectx; OSSL_OP_digest_dupctx_fn *dupctx; OSSL_OP_digest_size_fn *size; + OSSL_OP_digest_block_size_fn *dblock_size; } /* EVP_MD */ ; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index a723854..1e53627 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -84,6 +84,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_FREECTX 6 # define OSSL_FUNC_DIGEST_DUPCTX 7 # define OSSL_FUNC_DIGEST_SIZE 8 +# define OSSL_FUNC_DIGEST_BLOCK_SIZE 9 OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void)) OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx)) @@ -98,6 +99,7 @@ OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) +OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) # ifdef __cplusplus } diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index d60402c..317be14 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -70,6 +70,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_MAC_CTX_COPY 211 # define EVP_F_EVP_MAC_CTX_NEW 213 # define EVP_F_EVP_MAC_INIT 212 +# define EVP_F_EVP_MD_BLOCK_SIZE 229 # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c index b538ab9..4332e98 100644 --- a/providers/common/digests/sha2.c +++ b/providers/common/digests/sha2.c @@ -50,6 +50,11 @@ static size_t sha256_size(void) return SHA256_DIGEST_LENGTH; } +static size_t sha256_block_size(void) +{ + return SHA256_CBLOCK; +} + extern const OSSL_DISPATCH sha256_functions[]; const OSSL_DISPATCH sha256_functions[] = { { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))sha256_newctx }, @@ -59,5 +64,6 @@ const OSSL_DISPATCH sha256_functions[] = { { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))sha256_freectx }, { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))sha256_dupctx }, { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))sha256_size }, + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))sha256_block_size }, { 0, NULL } }; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f763bb5..d09eb31 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1126,8 +1126,11 @@ static int test_EVP_MD_fetch(int tst) /* Implicit fetching of the MD should produce the expected result */ if (!TEST_true(calculate_digest(EVP_sha256(), testmsg, sizeof(testmsg), - exptd))) + exptd)) + || !TEST_int_eq(EVP_MD_size(EVP_sha256()), SHA256_DIGEST_LENGTH) + || !TEST_int_eq(EVP_MD_block_size(EVP_sha256()), SHA256_CBLOCK)) goto err; + /* * Test that without loading any providers or specifying any properties we * can get a sha256 md from the default provider. @@ -1135,7 +1138,9 @@ static int test_EVP_MD_fetch(int tst) if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL)) || !TEST_ptr(md) || !TEST_int_eq(EVP_MD_nid(md), NID_sha256) - || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))) + || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)) + || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH) + || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK)) goto err; /* Also test EVP_MD_upref() while we're doing this */ @@ -1156,7 +1161,9 @@ static int test_EVP_MD_fetch(int tst) /* Explicitly asking for the default implementation should succeeed */ if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", "default=yes")) || !TEST_int_eq(EVP_MD_nid(md), NID_sha256) - || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))) + || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)) + || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH) + || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK)) goto err; EVP_MD_meth_free(md); From matt at openssl.org Wed Apr 3 15:02:41 2019 From: matt at openssl.org (Matt Caswell) Date: Wed, 03 Apr 2019 15:02:41 +0000 Subject: [openssl] master update Message-ID: <1554303761.235949.12380.nullmailer@dev.openssl.org> The branch master has been updated via 0770c882150ea0159cc2b0a2cea2e8ed8442f36f (commit) from 64f4fff7967057ba2b963bd0a6ad5cdc64f27417 (commit) - Log ----------------------------------------------------------------- commit 0770c882150ea0159cc2b0a2cea2e8ed8442f36f Author: Todd Short Date: Wed Apr 19 15:35:16 2017 -0400 Modify OCSP to use alt MD for cert IDs in responses Modify openssl OCSP utility to produce certIDs in responses using other hash algorithms (e.g. SHA256). Added option -rcid for this purpose. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5274) ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 34 +++++++++++++++++++++++++++------- doc/man1/ocsp.pod | 7 +++++++ 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index ddcab4c..9f2cf45 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -99,7 +99,8 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req EVP_PKEY *rkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig); + int nmin, int ndays, int badsig, + const EVP_MD *resp_md); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(const char *port); @@ -138,6 +139,7 @@ typedef enum OPTION_choice { OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER, + OPT_RCID, OPT_V_ENUM, OPT_MD, OPT_MULTI @@ -220,6 +222,7 @@ const OPTIONS ocsp_options[] = { {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"}, {"header", OPT_HEADER, 's', "key=value header to add"}, + {"rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response"}, {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"}, OPT_V_OPTIONS, {NULL} @@ -243,6 +246,7 @@ int ocsp_main(int argc, char **argv) STACK_OF(X509) *issuers = NULL; X509 *issuer = NULL, *cert = NULL; STACK_OF(X509) *rca_cert = NULL; + const EVP_MD *resp_certid_md = NULL; X509 *signer = NULL, *rsigner = NULL; X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; @@ -499,6 +503,11 @@ int ocsp_main(int argc, char **argv) if (!X509V3_add_value(header, value, &headers)) goto end; break; + case OPT_RCID: + resp_certid_md = EVP_get_digestbyname(opt_arg()); + if (resp_certid_md == NULL) + goto opthelp; + break; case OPT_MD: if (trailing_md) { BIO_printf(bio_err, @@ -684,7 +693,8 @@ redo_accept: if (rdb != NULL) { make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey, - rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig); + rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig, + resp_certid_md); if (cbio != NULL) send_ocsp_response(cbio, resp); } else if (host != NULL) { @@ -1138,7 +1148,8 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req EVP_PKEY *rkey, const EVP_MD *rmd, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig) + int nmin, int ndays, int badsig, + const EVP_MD *resp_md) { ASN1_TIME *thisupd = NULL, *nextupd = NULL; OCSP_CERTID *cid; @@ -1169,6 +1180,8 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req int found = 0; ASN1_OBJECT *cert_id_md_oid; const EVP_MD *cert_id_md; + OCSP_CERTID *cid_resp_md = NULL; + one = OCSP_request_onereq_get0(req, i); cid = OCSP_onereq_get0_id(one); @@ -1184,11 +1197,18 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req X509 *ca_cert = sk_X509_value(ca, jj); OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert); - if (OCSP_id_issuer_cmp(ca_id, cid) == 0) + if (OCSP_id_issuer_cmp(ca_id, cid) == 0) { found = 1; - + if (resp_md != NULL) + cid_resp_md = OCSP_cert_to_id(resp_md, NULL, ca_cert); + } OCSP_CERTID_free(ca_id); } + OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); + inf = lookup_serial(db, serial); + + /* at this point, we can have cid be an alias of cid_resp_md */ + cid = (cid_resp_md != NULL) ? cid_resp_md : cid; if (!found) { OCSP_basic_add1_status(bs, cid, @@ -1196,8 +1216,6 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req 0, NULL, thisupd, nextupd); continue; } - OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); - inf = lookup_serial(db, serial); if (inf == NULL) { OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN, @@ -1212,6 +1230,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req ASN1_GENERALIZEDTIME *invtm = NULL; OCSP_SINGLERESP *single; int reason = -1; + unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); single = OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_REVOKED, @@ -1227,6 +1246,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req ASN1_TIME_free(revtm); ASN1_GENERALIZEDTIME_free(invtm); } + OCSP_CERTID_free(cid_resp_md); } OCSP_copy_nonce(bs, req); diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod index c8c3276..4c0aaac 100644 --- a/doc/man1/ocsp.pod +++ b/doc/man1/ocsp.pod @@ -88,6 +88,7 @@ B B [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] +[B<-rcid I>] [B<-I>] =head1 DESCRIPTION @@ -304,6 +305,12 @@ status information is immediately available. In this case the age of the B field is checked to see it is not older than B seconds old. By default this additional check is not performed. +=item B<-rcid I> + +This option sets the digest algorithm to use for certificate identification +in the OCSP response. Any digest supported by the OpenSSL B command can +be used. The default is the same digest algorithm used in the request. + =item B<-I> This option sets digest algorithm to use for certificate identification in the From builds at travis-ci.org Wed Apr 3 15:26:13 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 15:26:13 +0000 Subject: Still Failing: openssl/openssl#24480 (master - 64f4fff) In-Reply-To: Message-ID: <5ca4d094d4991_43fdf89b919341173a9@bf9271f3-2439-4820-8d88-26b771e155af.mail> Build Update for openssl/openssl ------------------------------------- Build: #24480 Status: Still Failing Duration: 29 mins and 47 secs Commit: 64f4fff (master) Author: Matt Caswell Message: Add a test for EVP_MD_block_size() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8604) View the changeset: https://github.com/openssl/openssl/compare/5a2bd6bc66a9...64f4fff79670 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515244234?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 3 15:25:35 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 15:25:35 +0000 Subject: Still Failing: openssl/openssl#24479 (master - 5a2bd6b) In-Reply-To: Message-ID: <5ca4d06f8c001_43fdf8fd82c60116734@bf9271f3-2439-4820-8d88-26b771e155af.mail> Build Update for openssl/openssl ------------------------------------- Build: #24479 Status: Still Failing Duration: 35 mins and 51 secs Commit: 5a2bd6b (master) Author: Matt Caswell Message: Add an EVP_MD_CTX_md() test Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8614) View the changeset: https://github.com/openssl/openssl/compare/e4e91084d6b7...5a2bd6bc66a9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515241732?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 3 15:47:09 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 15:47:09 +0000 Subject: Errored: openssl/openssl#24481 (master - 0770c88) In-Reply-To: Message-ID: <5ca4d57c9d3be_43fcfc4163748122711@afe71415-fe2b-45e4-9aaf-c518c2420c3f.mail> Build Update for openssl/openssl ------------------------------------- Build: #24481 Status: Errored Duration: 1 hr, 0 mins, and 27 secs Commit: 0770c88 (master) Author: Todd Short Message: Modify OCSP to use alt MD for cert IDs in responses Modify openssl OCSP utility to produce certIDs in responses using other hash algorithms (e.g. SHA256). Added option -rcid for this purpose. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5274) View the changeset: https://github.com/openssl/openssl/compare/64f4fff79670...0770c882150e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515248333?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 3 20:57:43 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Apr 2019 20:57:43 +0000 Subject: [openssl] master update Message-ID: <1554325063.251462.7579.nullmailer@dev.openssl.org> The branch master has been updated via b8472b4e67ec7ad49254821f2da578ce588df4e6 (commit) from 0770c882150ea0159cc2b0a2cea2e8ed8442f36f (commit) - Log ----------------------------------------------------------------- commit b8472b4e67ec7ad49254821f2da578ce588df4e6 Author: Tomas Mraz Date: Thu Mar 21 13:17:29 2019 +0100 Use AI_ADDRCONFIG hint with getaddrinfo if available. This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8550) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_addr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 4be74e4..0f39824 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -683,6 +683,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, hints.ai_family = family; hints.ai_socktype = socktype; hints.ai_protocol = protocol; +#ifdef AI_ADDRCONFIG +#ifdef AF_UNSPEC + if (family == AF_UNSPEC) +#endif + hints.ai_flags |= AI_ADDRCONFIG; +#endif if (lookup_type == BIO_LOOKUP_SERVER) hints.ai_flags |= AI_PASSIVE; From builds at travis-ci.org Wed Apr 3 21:22:52 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 21:22:52 +0000 Subject: Failed: openssl/openssl#24487 (master - b8472b4) In-Reply-To: Message-ID: <5ca5242be4647_43fbd6e879dd81552c6@89a43216-c559-4eb2-94cd-80f29bb75b3c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24487 Status: Failed Duration: 24 mins and 33 secs Commit: b8472b4 (master) Author: Tomas Mraz Message: Use AI_ADDRCONFIG hint with getaddrinfo if available. This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8550) View the changeset: https://github.com/openssl/openssl/compare/0770c882150e...b8472b4e67ec View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515402497?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 3 23:09:41 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Apr 2019 23:09:41 +0000 Subject: [openssl] master update Message-ID: <1554332981.210808.24562.nullmailer@dev.openssl.org> The branch master has been updated via e321ba28e89d40ab750e353d5bd7fc405e9c2761 (commit) from b8472b4e67ec7ad49254821f2da578ce588df4e6 (commit) - Log ----------------------------------------------------------------- commit e321ba28e89d40ab750e353d5bd7fc405e9c2761 Author: Richard Levitte Date: Wed Apr 3 22:54:00 2019 +0200 Correct EVP_F_EVP_MD_BLOCK_SIZE number The number that was used was already taken Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8656) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 +- include/openssl/evperr.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index f15fc9c..6782966 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -800,7 +800,7 @@ EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init -EVP_F_EVP_MD_BLOCK_SIZE:229:EVP_MD_block_size +EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex EVP_F_EVP_MD_SIZE:162:EVP_MD_size EVP_F_EVP_OPENINIT:102:EVP_OpenInit diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 317be14..34d5e60 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -70,7 +70,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_MAC_CTX_COPY 211 # define EVP_F_EVP_MAC_CTX_NEW 213 # define EVP_F_EVP_MAC_INIT 212 -# define EVP_F_EVP_MD_BLOCK_SIZE 229 +# define EVP_F_EVP_MD_BLOCK_SIZE 232 # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 From levitte at openssl.org Wed Apr 3 23:25:16 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 03 Apr 2019 23:25:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554333916.645794.27240.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2423b5f07f01a7318fb48a277c1c4f372958d664 (commit) from a88bafcdb7c24a14c277e47cdde014886a91d7cc (commit) - Log ----------------------------------------------------------------- commit 2423b5f07f01a7318fb48a277c1c4f372958d664 Author: Tomas Mraz Date: Thu Mar 21 13:17:29 2019 +0100 Use AI_ADDRCONFIG hint with getaddrinfo if available. This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8550) (cherry picked from commit b8472b4e67ec7ad49254821f2da578ce588df4e6) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_addr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 4395ab7..f295b76 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -683,6 +683,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, hints.ai_family = family; hints.ai_socktype = socktype; hints.ai_protocol = protocol; +#ifdef AI_ADDRCONFIG +#ifdef AF_UNSPEC + if (family == AF_UNSPEC) +#endif + hints.ai_flags |= AI_ADDRCONFIG; +#endif if (lookup_type == BIO_LOOKUP_SERVER) hints.ai_flags |= AI_PASSIVE; From builds at travis-ci.org Wed Apr 3 23:36:14 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 23:36:14 +0000 Subject: Errored: openssl/openssl#24489 (master - e321ba2) In-Reply-To: Message-ID: <5ca5436e94807_43fa8e6f4c580588f8@1cf56640-a520-4ad1-b624-ea6adf313752.mail> Build Update for openssl/openssl ------------------------------------- Build: #24489 Status: Errored Duration: 26 mins and 0 secs Commit: e321ba2 (master) Author: Richard Levitte Message: Correct EVP_F_EVP_MD_BLOCK_SIZE number The number that was used was already taken Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8656) View the changeset: https://github.com/openssl/openssl/compare/b8472b4e67ec...e321ba28e89d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515450466?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 3 23:55:46 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Apr 2019 23:55:46 +0000 Subject: Still Failing: openssl/openssl#24492 (OpenSSL_1_1_1-stable - 2423b5f) In-Reply-To: Message-ID: <5ca54801bb622_43f873a879dd4135070@6f866ff0-4b6f-409d-a474-0919a3f46f1b.mail> Build Update for openssl/openssl ------------------------------------- Build: #24492 Status: Still Failing Duration: 20 mins and 1 sec Commit: 2423b5f (OpenSSL_1_1_1-stable) Author: Tomas Mraz Message: Use AI_ADDRCONFIG hint with getaddrinfo if available. This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8550) (cherry picked from commit b8472b4e67ec7ad49254821f2da578ce588df4e6) View the changeset: https://github.com/openssl/openssl/compare/a88bafcdb7c2...2423b5f07f01 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515454957?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 4 01:40:52 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Apr 2019 01:40:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1554342052.706829.3687.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: b8472b4e67 Use AI_ADDRCONFIG hint with getaddrinfo if available. 0770c88215 Modify OCSP to use alt MD for cert IDs in responses 64f4fff796 Add a test for EVP_MD_block_size() 7556b9df59 Support EVP_MD_block_size() with providers 5a2bd6bc66 Add an EVP_MD_CTX_md() test b7c913c820 Ensure EVP_MD_CTX_md returns the EVP_MD originally used e4e91084d6 replaced snprintf with BIO version (for windows builds) b6670f690c Replumbing: add documentation for the provider configuration module 6d872a838d Add test for the provider configuration module abbc2c4083 Replumbing: add a configuration module for providers ac1055ef13 Replumbing: add functionality to set provider parameters 5516c19b03 AES-XTS block limit. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1272, 133 wallclock secs ( 1.90 usr 0.33 sys + 116.68 cusr 10.07 csys = 128.98 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Apr 4 06:05:44 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Apr 2019 06:05:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554357944.607483.2789.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: b8472b4e67 Use AI_ADDRCONFIG hint with getaddrinfo if available. 0770c88215 Modify OCSP to use alt MD for cert IDs in responses 64f4fff796 Add a test for EVP_MD_block_size() 7556b9df59 Support EVP_MD_block_size() with providers 5a2bd6bc66 Add an EVP_MD_CTX_md() test b7c913c820 Ensure EVP_MD_CTX_md returns the EVP_MD originally used e4e91084d6 replaced snprintf with BIO version (for windows builds) b6670f690c Replumbing: add documentation for the provider configuration module 6d872a838d Add test for the provider configuration module abbc2c4083 Replumbing: add a configuration module for providers ac1055ef13 Replumbing: add functionality to set provider parameters 5516c19b03 AES-XTS block limit. Build log ended with (last 100 lines): ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/02-test_internal_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/04-test_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=168, Tests=1294, 257 wallclock secs ( 0.91 usr 0.34 sys + 229.99 cusr 12.16 csys = 243.40 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Apr 4 06:06:26 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Apr 2019 06:06:26 +0000 Subject: Build failed: openssl master.23900 Message-ID: <20190404060626.1.D422FA096F00ABE4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 4 06:55:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Apr 2019 06:55:42 +0000 Subject: Build completed: openssl master.23901 Message-ID: <20190404065542.1.EEA7A5D2CAD637BA@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Apr 4 11:38:50 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Apr 2019 11:38:50 +0000 Subject: [openssl] master update Message-ID: <1554377930.300232.8365.nullmailer@dev.openssl.org> The branch master has been updated via 706b6333a6dd29a8d11561dee8013a2fddbc2742 (commit) from e321ba28e89d40ab750e353d5bd7fc405e9c2761 (commit) - Log ----------------------------------------------------------------- commit 706b6333a6dd29a8d11561dee8013a2fddbc2742 Author: Richard Levitte Date: Thu Apr 4 12:56:57 2019 +0200 Document the 'no-module' configuration option Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8665) ----------------------------------------------------------------------- Summary of changes: INSTALL | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/INSTALL b/INSTALL index 9273db3..5185033 100644 --- a/INSTALL +++ b/INSTALL @@ -409,6 +409,10 @@ no-makedepend Don't generate dependencies. + no-module + Don't build any dynamically loadable engines. This also + implies 'no-dynamic-engine'. + no-multiblock Don't build support for writing multiple records in one go in libssl (Note: this is a different capability to the From levitte at openssl.org Thu Apr 4 11:40:14 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Apr 2019 11:40:14 +0000 Subject: [openssl] master update Message-ID: <1554378014.036915.9362.nullmailer@dev.openssl.org> The branch master has been updated via 2a2bc6fc12c6f6fc47c7c66dd4d0e3ef4be17777 (commit) from 706b6333a6dd29a8d11561dee8013a2fddbc2742 (commit) - Log ----------------------------------------------------------------- commit 2a2bc6fc12c6f6fc47c7c66dd4d0e3ef4be17777 Author: Richard Levitte Date: Thu Apr 4 12:35:47 2019 +0200 For provider tests, don't define a OPENSSL_NO_ macro Since the macro to indicate if the test provider module is available is local to the test programs, it's better to use a name that isn't as easily confused with a library feature disabling macro that one would expect to find in opensslconf.h. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8664) ----------------------------------------------------------------------- Summary of changes: test/build.info | 4 ++-- test/provider_internal_test.c | 4 ++-- test/provider_test.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/build.info b/test/build.info index 25abb06..8bf286e 100644 --- a/test/build.info +++ b/test/build.info @@ -613,8 +613,8 @@ IF[{- !$disabled{tests} -}] ENDIF ENDIF IF[{- $disabled{module} || !$target{dso_scheme} -}] - DEFINE[provider_test]=OPENSSL_NO_MODULE - DEFINE[provider_internal_test]=OPENSSL_NO_MODULE + DEFINE[provider_test]=NO_PROVIDER_MODULE + DEFINE[provider_internal_test]=NO_PROVIDER_MODULE ENDIF DEPEND[]=provider_internal_test.conf GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index f3006fe..6123d6b 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -60,7 +60,7 @@ static int test_builtin_provider(void) && test_provider(prov, expected_greeting1(name)); } -#ifndef OPENSSL_NO_MODULE +#ifndef NO_PROVIDER_MODULE static int test_loaded_provider(void) { const char *name = "p_test"; @@ -89,7 +89,7 @@ static int test_configured_provider(void) int setup_tests(void) { ADD_TEST(test_builtin_provider); -#ifndef OPENSSL_NO_MODULE +#ifndef NO_PROVIDER_MODULE ADD_TEST(test_loaded_provider); ADD_TEST(test_configured_provider); #endif diff --git a/test/provider_test.c b/test/provider_test.c index ee6f94c..c00f5ab 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -49,7 +49,7 @@ static int test_builtin_provider(void) && test_provider(name); } -#ifndef OPENSSL_NO_MODULE +#ifndef NO_PROVIDER_MODULE static int test_loaded_provider(void) { const char *name = "p_test"; @@ -61,7 +61,7 @@ static int test_loaded_provider(void) int setup_tests(void) { ADD_TEST(test_builtin_provider); -#ifndef OPENSSL_NO_MODULE +#ifndef NO_PROVIDER_MODULE ADD_TEST(test_loaded_provider); #endif return 1; From builds at travis-ci.org Thu Apr 4 12:00:20 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 12:00:20 +0000 Subject: Failed: openssl/openssl#24511 (master - 706b633) In-Reply-To: Message-ID: <5ca5f1d2a5f38_43fa6ee7428d42660fc@25abce86-72f6-4d28-89c0-f35210b98a2f.mail> Build Update for openssl/openssl ------------------------------------- Build: #24511 Status: Failed Duration: 20 mins and 43 secs Commit: 706b633 (master) Author: Richard Levitte Message: Document the 'no-module' configuration option Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8665) View the changeset: https://github.com/openssl/openssl/compare/e321ba28e89d...706b6333a6dd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515667432?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 4 12:11:51 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 12:11:51 +0000 Subject: Failed: openssl/openssl#24512 (master - 2a2bc6f) In-Reply-To: Message-ID: <5ca5f4875fea6_43f87368af6e0421437@25894f95-3756-4ce2-a604-3ef50ca07752.mail> Build Update for openssl/openssl ------------------------------------- Build: #24512 Status: Failed Duration: 26 mins and 26 secs Commit: 2a2bc6f (master) Author: Richard Levitte Message: For provider tests, don't define a OPENSSL_NO_ macro Since the macro to indicate if the test provider module is available is local to the test programs, it's better to use a name that isn't as easily confused with a library feature disabling macro that one would expect to find in opensslconf.h. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8664) View the changeset: https://github.com/openssl/openssl/compare/706b6333a6dd...2a2bc6fc12c6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515668030?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 4 14:12:23 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Apr 2019 14:12:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1554387143.159620.9735.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: b8472b4e67 Use AI_ADDRCONFIG hint with getaddrinfo if available. 0770c88215 Modify OCSP to use alt MD for cert IDs in responses 64f4fff796 Add a test for EVP_MD_block_size() 7556b9df59 Support EVP_MD_block_size() with providers 5a2bd6bc66 Add an EVP_MD_CTX_md() test b7c913c820 Ensure EVP_MD_CTX_md returns the EVP_MD originally used e4e91084d6 replaced snprintf with BIO version (for windows builds) b6670f690c Replumbing: add documentation for the provider configuration module 6d872a838d Add test for the provider configuration module abbc2c4083 Replumbing: add a configuration module for providers ac1055ef13 Replumbing: add functionality to set provider parameters 5516c19b03 AES-XTS block limit. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 252 wallclock secs ( 3.05 usr 0.40 sys + 226.85 cusr 12.98 csys = 243.28 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm2' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Apr 4 14:19:50 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Apr 2019 14:19:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1554387590.386030.6731.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: b8472b4e67 Use AI_ADDRCONFIG hint with getaddrinfo if available. 0770c88215 Modify OCSP to use alt MD for cert IDs in responses 64f4fff796 Add a test for EVP_MD_block_size() 7556b9df59 Support EVP_MD_block_size() with providers 5a2bd6bc66 Add an EVP_MD_CTX_md() test b7c913c820 Ensure EVP_MD_CTX_md returns the EVP_MD originally used e4e91084d6 replaced snprintf with BIO version (for windows builds) b6670f690c Replumbing: add documentation for the provider configuration module 6d872a838d Add test for the provider configuration module abbc2c4083 Replumbing: add a configuration module for providers ac1055ef13 Replumbing: add functionality to set provider parameters 5516c19b03 AES-XTS block limit. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 137 tests but ran 136. Files=168, Tests=1492, 247 wallclock secs ( 3.00 usr 0.34 sys + 221.95 cusr 12.93 csys = 238.22 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-sm3' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Thu Apr 4 15:56:06 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Apr 2019 15:56:06 +0000 Subject: [openssl] master update Message-ID: <1554393366.952105.12914.nullmailer@dev.openssl.org> The branch master has been updated via fd3a904636aa45401c40e8b86ebacd5135fea2f1 (commit) from 2a2bc6fc12c6f6fc47c7c66dd4d0e3ef4be17777 (commit) - Log ----------------------------------------------------------------- commit fd3a904636aa45401c40e8b86ebacd5135fea2f1 Author: Matt Caswell Date: Wed Apr 3 09:44:41 2019 +0100 Skip the correct number of tests if SM2 is disabled Fixes no-sm2 (and also no-sm3 and no-ec) Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8650) ----------------------------------------------------------------------- Summary of changes: test/recipes/25-test_verify.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index e493947..96bfd03 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -375,7 +375,7 @@ SKIP: { } SKIP: { - skip "SM2 is not supported by this OpenSSL build", 1 + skip "SM2 is not supported by this OpenSSL build", 2 if disabled("sm2"); # Test '-sm2-id' and '-sm2-hex-id' option From matt at openssl.org Thu Apr 4 15:58:01 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Apr 2019 15:58:01 +0000 Subject: [openssl] master update Message-ID: <1554393481.913080.13969.nullmailer@dev.openssl.org> The branch master has been updated via 69539990a8152e90dbe1df1124263db126b1e6f3 (commit) from fd3a904636aa45401c40e8b86ebacd5135fea2f1 (commit) - Log ----------------------------------------------------------------- commit 69539990a8152e90dbe1df1124263db126b1e6f3 Author: Matt Caswell Date: Wed Apr 3 23:13:59 2019 +0100 Correct the documentation about SSL_CIPHER_description() There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8658) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CIPHER_get_name.pod | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 51c3941..1da3447 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -124,7 +124,10 @@ Textual representation of the cipher name. =item -Protocol version, such as B, when the cipher was first defined. +The minimum protocol version that the ciphersuite supports, such as B. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. =item Kx= From matt at openssl.org Thu Apr 4 15:58:21 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Apr 2019 15:58:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554393501.741196.15065.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0cbfcc39042bb1ff16d4500979d34fcdae3ec602 (commit) from 2423b5f07f01a7318fb48a277c1c4f372958d664 (commit) - Log ----------------------------------------------------------------- commit 0cbfcc39042bb1ff16d4500979d34fcdae3ec602 Author: Matt Caswell Date: Wed Apr 3 23:13:59 2019 +0100 Correct the documentation about SSL_CIPHER_description() There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8658) (cherry picked from commit 69539990a8152e90dbe1df1124263db126b1e6f3) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CIPHER_get_name.pod | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 4c12c5e..8800bbd 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -124,7 +124,10 @@ Textual representation of the cipher name. =item -Protocol version, such as B, when the cipher was first defined. +The minimum protocol version that the ciphersuite supports, such as B. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. =item Kx= From builds at travis-ci.org Thu Apr 4 16:15:18 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 16:15:18 +0000 Subject: Still Failing: openssl/openssl#24520 (master - fd3a904) In-Reply-To: Message-ID: <5ca62d94e21c8_43fb9c250a1d43340e4@f353b918-4e28-4086-af4b-17c8f27caa47.mail> Build Update for openssl/openssl ------------------------------------- Build: #24520 Status: Still Failing Duration: 18 mins and 24 secs Commit: fd3a904 (master) Author: Matt Caswell Message: Skip the correct number of tests if SM2 is disabled Fixes no-sm2 (and also no-sm3 and no-ec) Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8650) View the changeset: https://github.com/openssl/openssl/compare/2a2bc6fc12c6...fd3a904636aa View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515783137?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 4 16:32:10 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 16:32:10 +0000 Subject: Still Failing: openssl/openssl#24521 (master - 6953999) In-Reply-To: Message-ID: <5ca6318a96482_43fe0c0d092343480e6@6f83077e-95e4-47e4-b171-76845cc65eaa.mail> Build Update for openssl/openssl ------------------------------------- Build: #24521 Status: Still Failing Duration: 29 mins and 37 secs Commit: 6953999 (master) Author: Matt Caswell Message: Correct the documentation about SSL_CIPHER_description() There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8658) View the changeset: https://github.com/openssl/openssl/compare/fd3a904636aa...69539990a815 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515784409?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Thu Apr 4 17:02:15 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 04 Apr 2019 17:02:15 +0000 Subject: [openssl] master update Message-ID: <1554397335.897269.4892.nullmailer@dev.openssl.org> The branch master has been updated via ecbfaef2aad61fae0c29c04287913af11981b82e (commit) from 69539990a8152e90dbe1df1124263db126b1e6f3 (commit) - Log ----------------------------------------------------------------- commit ecbfaef2aad61fae0c29c04287913af11981b82e Author: Dr. Matthias St. Pierre Date: Thu Apr 4 18:27:15 2019 +0200 trace: add PROVIDER_CONF trace category Fixes #8667 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8672) ----------------------------------------------------------------------- Summary of changes: crypto/trace.c | 1 + doc/man3/OSSL_trace_set_channel.pod | 4 ++++ include/openssl/trace.h | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/trace.c b/crypto/trace.c index efcf8be..c9623b0 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -132,6 +132,7 @@ static const struct trace_category_st trace_categories[] = { TRACE_CATEGORY_(PKCS12_DECRYPT), TRACE_CATEGORY_(X509V3_POLICY), TRACE_CATEGORY_(BN_CTX), + TRACE_CATEGORY_(PROVIDER_CONF), }; const char *OSSL_trace_get_category_name(int num) diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 46e248f..cb34967 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -176,6 +176,10 @@ point during evaluation. Traces BIGNUM context operations. +=item C + +Traces the OSSL_PROVIDER configuration. + =back There is also C, which works as a fallback diff --git a/include/openssl/trace.h b/include/openssl/trace.h index 48c98ca..aff1a32 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h @@ -49,7 +49,8 @@ extern "C" { # define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 # define OSSL_TRACE_CATEGORY_X509V3_POLICY 11 # define OSSL_TRACE_CATEGORY_BN_CTX 12 -# define OSSL_TRACE_CATEGORY_NUM 13 +# define OSSL_TRACE_CATEGORY_PROVIDER_CONF 13 +# define OSSL_TRACE_CATEGORY_NUM 14 /* Returns the trace category number for the given |name| */ int OSSL_trace_get_category_num(const char *name); From builds at travis-ci.org Thu Apr 4 16:41:24 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 16:41:24 +0000 Subject: Still Failing: openssl/openssl#24522 (OpenSSL_1_1_1-stable - 0cbfcc3) In-Reply-To: Message-ID: <5ca633b451a12_43fe1619db9442847af@96b082e4-35ed-4df4-8610-4b1ffd361aed.mail> Build Update for openssl/openssl ------------------------------------- Build: #24522 Status: Still Failing Duration: 25 mins and 40 secs Commit: 0cbfcc3 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Correct the documentation about SSL_CIPHER_description() There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8658) (cherry picked from commit 69539990a8152e90dbe1df1124263db126b1e6f3) View the changeset: https://github.com/openssl/openssl/compare/2423b5f07f01...0cbfcc39042b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515784672?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 4 17:23:02 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 17:23:02 +0000 Subject: Still Failing: openssl/openssl#24526 (master - ecbfaef) In-Reply-To: Message-ID: <5ca63d7624d84_43f8bc1e11d242751f0@9663ebdb-4506-4c14-95bd-8ea9ad0f2d57.mail> Build Update for openssl/openssl ------------------------------------- Build: #24526 Status: Still Failing Duration: 20 mins and 12 secs Commit: ecbfaef (master) Author: Dr. Matthias St. Pierre Message: trace: add PROVIDER_CONF trace category Fixes #8667 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8672) View the changeset: https://github.com/openssl/openssl/compare/69539990a815...ecbfaef2aad6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515814579?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Apr 4 22:14:58 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Apr 2019 22:14:58 +0000 Subject: [openssl] master update Message-ID: <1554416098.699329.3722.nullmailer@dev.openssl.org> The branch master has been updated via 0be2cc5eb3faa2c79a705fee5977fa49841c1799 (commit) via 1576dfe090c9566737f026b7d66a9dd7657e499a (commit) via e75455173bd0024ce11a83686bc9dad614068455 (commit) via 9efa0ae0b602c1c0e356009a58410a2e8b80201a (commit) from ecbfaef2aad61fae0c29c04287913af11981b82e (commit) - Log ----------------------------------------------------------------- commit 0be2cc5eb3faa2c79a705fee5977fa49841c1799 Author: Matt Caswell Date: Thu Mar 21 16:41:25 2019 +0000 Complain if there are missing symbols when creating a provider .so file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8537) commit 1576dfe090c9566737f026b7d66a9dd7657e499a Author: Matt Caswell Date: Thu Mar 21 11:57:35 2019 +0000 Test that we can use the FIPS provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8537) commit e75455173bd0024ce11a83686bc9dad614068455 Author: Matt Caswell Date: Wed Mar 20 14:29:05 2019 +0000 Add a no-fips Configure option Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8537) commit 9efa0ae0b602c1c0e356009a58410a2e8b80201a Author: Matt Caswell Date: Wed Mar 20 14:27:52 2019 +0000 Create a FIPS provider and put SHA256 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8537) ----------------------------------------------------------------------- Summary of changes: Configurations/shared-info.pl | 1 + Configure | 7 +- INSTALL | 3 + crypto/build.info | 5 ++ crypto/mem.c | 12 +-- crypto/params.c | 8 ++ crypto/sha/build.info | 2 + providers/build.info | 11 +++ providers/common/digests/build.info | 4 +- providers/fips/build.info | 2 + providers/{default/defltprov.c => fips/fipsprov.c} | 38 +++++----- test/build.info | 3 + test/evp_extra_test.c | 86 +++++++++++++++++----- test/recipes/30-test_evp_extra.t | 5 +- 14 files changed, 139 insertions(+), 48 deletions(-) create mode 100644 providers/fips/build.info copy providers/{default/defltprov.c => fips/fipsprov.c} (66%) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 3df12a3..f821ad7 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -32,6 +32,7 @@ my %shared_info; return { %{$shared_info{'gnu-shared'}}, shared_defflag => '-Wl,--version-script=', + dso_ldflags => '-z defs', }; }, 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, diff --git a/Configure b/Configure index 62f4af5..6702bc6 100755 --- a/Configure +++ b/Configure @@ -369,6 +369,7 @@ my @disablables = ( "err", "external-tests", "filenames", + "fips", "fuzz-libfuzzer", "fuzz-afl", "gost", @@ -512,6 +513,8 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], + "module" => [ "fips" ], + "engine" => [ grep /eng$/, @disablables ], "hw" => [ "padlockeng" ], @@ -1221,8 +1224,8 @@ foreach my $what (sort keys %disabled) { $config{options} .= " no-$what"; - if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'module', - 'pic', 'dynamic-engine', 'makedepend', + if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', + 'module', 'pic', 'dynamic-engine', 'makedepend', 'zlib-dynamic', 'zlib', 'sse2' )) { (my $WHAT = uc $what) =~ s|-|_|g; my $skipdir = $what; diff --git a/INSTALL b/INSTALL index 5185033..c496e79 100644 --- a/INSTALL +++ b/INSTALL @@ -394,6 +394,9 @@ Don't compile in filename and line number information (e.g. for errors and memory allocation). + no-fips + Don't compile the FIPS module + enable-fuzz-libfuzzer, enable-fuzz-afl Build with support for fuzzing using either libfuzzer or AFL. These are developer options only. They may not work on all diff --git a/crypto/build.info b/crypto/build.info index a6f3524..77dcffb 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -21,6 +21,11 @@ SOURCE[../libcrypto]=\ trace.c provider.c params.c \ {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -} +# FIPS module +SOURCE[../providers/fips]=\ + cryptlib.c mem.c mem_clr.c params.c + + DEPEND[cversion.o]=buildinf.h GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" DEPEND[buildinf.h]=../configdata.pm diff --git a/crypto/mem.c b/crypto/mem.c index 5feece3..562d6b5 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -14,7 +14,7 @@ #include #include #include -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE) # include #endif @@ -30,7 +30,7 @@ static void *(*realloc_impl)(void *, size_t, const char *, int) static void (*free_impl)(void *, const char *, int) = CRYPTO_free; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) # include "internal/tsan_assist.h" static TSAN_QUALIFIER int malloc_count; @@ -94,7 +94,7 @@ void CRYPTO_get_mem_functions( *f = free_impl; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) { if (mcount != NULL) @@ -209,7 +209,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line) */ allow_customize = 0; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) if (call_malloc_debug) { CRYPTO_mem_debug_malloc(NULL, num, 0, file, line); ret = malloc(num); @@ -250,7 +250,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return NULL; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) if (call_malloc_debug) { void *ret; CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line); @@ -300,7 +300,7 @@ void CRYPTO_free(void *str, const char *file, int line) return; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) if (call_malloc_debug) { CRYPTO_mem_debug_free(str, 0, file, line); free(str); diff --git a/crypto/params.c b/crypto/params.c index 367b2ab..8eef736 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -348,6 +348,13 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf, return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, sizeof(size_t), rsize); } +#ifndef FIPS_MODE +/* + * TODO(3.0): Make this available in FIPS mode. + * + * Temporarily we don't include these functions in FIPS mode to avoid pulling + * in the entire BN sub-library into the module at this point. + */ int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val) { BIGNUM *b; @@ -387,6 +394,7 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, bsize, rsize); } +#endif int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) { diff --git a/crypto/sha/build.info b/crypto/sha/build.info index 58d15bb..242a08e 100644 --- a/crypto/sha/build.info +++ b/crypto/sha/build.info @@ -3,6 +3,8 @@ SOURCE[../../libcrypto]=\ sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \ {- $target{keccak1600_asm_src} -} +SOURCE[../../providers/fips]= sha256.c + GENERATE[sha1-586.s]=asm/sha1-586.pl \ $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[sha1-586.s]=../perlasm/x86asm.pl diff --git a/providers/build.info b/providers/build.info index ec4162b..b2b5384 100644 --- a/providers/build.info +++ b/providers/build.info @@ -1 +1,12 @@ SUBDIRS=common default + +IF[{- !$disabled{fips} -}] + SUBDIRS=fips + MODULES=fips + IF[{- defined $target{shared_defflag} -}] + SOURCE[fips]=fips.ld + GENERATE[fips.ld]=../util/providers.num + ENDIF + INCLUDE[fips]=.. ../include ../crypto/include + DEFINE[fips]=FIPS_MODE +ENDIF diff --git a/providers/common/digests/build.info b/providers/common/digests/build.info index a3c2369..b98df29 100644 --- a/providers/common/digests/build.info +++ b/providers/common/digests/build.info @@ -1,3 +1,5 @@ -LIBS=../../../libcrypto SOURCE[../../../libcrypto]=\ sha2.c + +SOURCE[../../fips]=\ + sha2.c diff --git a/providers/fips/build.info b/providers/fips/build.info new file mode 100644 index 0000000..9372062 --- /dev/null +++ b/providers/fips/build.info @@ -0,0 +1,2 @@ + +SOURCE[../fips]=fipsprov.c diff --git a/providers/default/defltprov.c b/providers/fips/fipsprov.c similarity index 66% copy from providers/default/defltprov.c copy to providers/fips/fipsprov.c index 9b52429..d3671b5 100644 --- a/providers/default/defltprov.c +++ b/providers/fips/fipsprov.c @@ -19,25 +19,25 @@ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ -static const OSSL_ITEM deflt_param_types[] = { +static const OSSL_ITEM fips_param_types[] = { { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, { 0, NULL } }; -static const OSSL_ITEM *deflt_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov) { - return deflt_param_types; + return fips_param_types; } -static int deflt_get_params(const OSSL_PROVIDER *prov, +static int fips_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[]) { const OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Default Provider")) + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) @@ -51,36 +51,34 @@ static int deflt_get_params(const OSSL_PROVIDER *prov, extern const OSSL_DISPATCH sha256_functions[]; -static const OSSL_ALGORITHM deflt_digests[] = { - { "SHA256", "default=yes", sha256_functions }, +static const OSSL_ALGORITHM fips_digests[] = { + { "SHA256", "fips=yes", sha256_functions }, { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, +static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, int operation_id, int *no_cache) { *no_cache = 0; switch (operation_id) { case OSSL_OP_DIGEST: - return deflt_digests; + return fips_digests; } return NULL; } /* Functions we provide to the core */ -static const OSSL_DISPATCH deflt_dispatch_table[] = { - { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))deflt_get_param_types }, - { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params }, - { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query }, +static const OSSL_DISPATCH fips_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))fips_get_param_types }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, { 0, NULL } }; -OSSL_provider_init_fn ossl_default_provider_init; - -int ossl_default_provider_init(const OSSL_PROVIDER *provider, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out) +int OSSL_provider_init(const OSSL_PROVIDER *provider, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out) { for (; in->function_id != 0; in++) { switch (in->function_id) { @@ -90,12 +88,12 @@ int ossl_default_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CORE_GET_PARAMS: c_get_params = OSSL_get_core_get_params(in); break; + /* Just ignore anything we don't understand */ default: - /* Just ignore anything we don't understand */ break; } } - *out = deflt_dispatch_table; + *out = fips_dispatch_table; return 1; } diff --git a/test/build.info b/test/build.info index 8bf286e..ded3bd7 100644 --- a/test/build.info +++ b/test/build.info @@ -186,6 +186,9 @@ IF[{- !$disabled{tests} -}] SOURCE[evp_extra_test]=evp_extra_test.c INCLUDE[evp_extra_test]=../include ../apps/include ../crypto/include DEPEND[evp_extra_test]=../libcrypto libtestutil.a + IF[{- $disabled{fips} || !$target{dso_scheme} -}] + DEFINE[evp_extra_test]=NO_FIPS_MODULE + ENDIF SOURCE[igetest]=igetest.c INCLUDE[igetest]=../include ../apps/include diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index d09eb31..724a144 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1098,12 +1098,14 @@ static int calculate_digest(const EVP_MD *md, const char *msg, size_t len, * Test 0: Test with the default OPENSSL_CTX * Test 1: Test with an explicit OPENSSL_CTX * Test 2: Explicit OPENSSL_CTX with explicit load of default provider + * Test 3: Explicit OPENSSL_CTX with explicit load of default and fips provider + * Test 4: Explicit OPENSSL_CTX with explicit load of fips provider */ static int test_EVP_MD_fetch(int tst) { OPENSSL_CTX *ctx = NULL; EVP_MD *md = NULL; - OSSL_PROVIDER *prov = NULL; + OSSL_PROVIDER *defltprov = NULL, *fipsprov = NULL; int ret = 0; const char testmsg[] = "Hello world"; const unsigned char exptd[] = { @@ -1117,9 +1119,14 @@ static int test_EVP_MD_fetch(int tst) if (!TEST_ptr(ctx)) goto err; - if (tst == 2) { - prov = OSSL_PROVIDER_load(ctx, "default"); - if (!TEST_ptr(prov)) + if (tst == 2 || tst == 3) { + defltprov = OSSL_PROVIDER_load(ctx, "default"); + if (!TEST_ptr(defltprov)) + goto err; + } + if (tst == 3 || tst == 4) { + fipsprov = OSSL_PROVIDER_load(ctx, "fips"); + if (!TEST_ptr(fipsprov)) goto err; } } @@ -1132,8 +1139,8 @@ static int test_EVP_MD_fetch(int tst) goto err; /* - * Test that without loading any providers or specifying any properties we - * can get a sha256 md from the default provider. + * Test that without specifying any properties we can get a sha256 md from a + * provider. */ if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL)) || !TEST_ptr(md) @@ -1152,28 +1159,67 @@ static int test_EVP_MD_fetch(int tst) md = NULL; /* - * We've only loaded the default provider so explicitly asking for a - * non-default implementation should fail. + * In tests 0 - 2 we've only loaded the default provider so explicitly + * asking for a non-default implementation should fail. In tests 3 and 4 we + * have the FIPS provider loaded so we should succeed in that case. */ - if (!TEST_ptr_null(md = EVP_MD_fetch(ctx, "SHA256", "default=no"))) - goto err; + md = EVP_MD_fetch(ctx, "SHA256", "default=no"); + if (tst == 3 || tst == 4) { + if (!TEST_ptr(md) + || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), + exptd))) + goto err; + } else { + if (!TEST_ptr_null(md)) + goto err; + } - /* Explicitly asking for the default implementation should succeeed */ - if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", "default=yes")) - || !TEST_int_eq(EVP_MD_nid(md), NID_sha256) - || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)) - || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH) - || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK)) - goto err; + EVP_MD_meth_free(md); + md = NULL; + + /* + * Explicitly asking for the default implementation should succeeed except + * in test 4 where the default provider is not loaded. + */ + md = EVP_MD_fetch(ctx, "SHA256", "default=yes"); + if (tst != 4) { + if (!TEST_ptr(md) + || !TEST_int_eq(EVP_MD_nid(md), NID_sha256) + || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), + exptd)) + || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH) + || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK)) + goto err; + } else { + if (!TEST_ptr_null(md)) + goto err; + } EVP_MD_meth_free(md); md = NULL; + /* + * Explicitly asking for a fips implementation should succeed if we have + * the FIPS provider loaded and fail otherwise + */ + md = EVP_MD_fetch(ctx, "SHA256", "fips=yes"); + if (tst == 3 || tst == 4) { + if (!TEST_ptr(md) + || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), + exptd))) + goto err; + } else { + if (!TEST_ptr_null(md)) + goto err; + } + + ret = 1; err: EVP_MD_meth_free(md); - OSSL_PROVIDER_unload(prov); + OSSL_PROVIDER_unload(defltprov); + OSSL_PROVIDER_unload(fipsprov); OPENSSL_CTX_free(ctx); return ret; } @@ -1207,6 +1253,10 @@ int setup_tests(void) ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, OSSL_NELEM(ec_der_pub_keys)); #endif +#ifdef NO_FIPS_MODULE ADD_ALL_TESTS(test_EVP_MD_fetch, 3); +#else + ADD_ALL_TESTS(test_EVP_MD_fetch, 5); +#endif return 1; } diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t index 98ecf26..b6fd97a 100644 --- a/test/recipes/30-test_evp_extra.t +++ b/test/recipes/30-test_evp_extra.t @@ -10,9 +10,12 @@ use strict; use warnings; -use OpenSSL::Test; +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; setup("test_evp_extra"); plan tests => 1; + +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); + ok(run(test(["evp_extra_test"])), "running evp_extra_test"); From builds at travis-ci.org Thu Apr 4 22:52:17 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Apr 2019 22:52:17 +0000 Subject: Still Failing: openssl/openssl#24537 (master - 0be2cc5) In-Reply-To: Message-ID: <5ca68aa1597d_43f945944113c1518ea@d1728630-0f3b-4afc-98b1-607416bbf135.mail> Build Update for openssl/openssl ------------------------------------- Build: #24537 Status: Still Failing Duration: 36 mins and 41 secs Commit: 0be2cc5 (master) Author: Matt Caswell Message: Complain if there are missing symbols when creating a provider .so file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8537) View the changeset: https://github.com/openssl/openssl/compare/ecbfaef2aad6...0be2cc5eb3fa View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515943398?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 4 23:34:33 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Apr 2019 23:34:33 +0000 Subject: Build failed: openssl master.23940 Message-ID: <20190404233433.1.A64F25ECD4C051C2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 4 23:59:40 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Apr 2019 23:59:40 +0000 Subject: Build completed: openssl master.23941 Message-ID: <20190404235940.1.ED06DD78D2EC6561@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 5 00:35:33 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 00:35:33 +0000 Subject: Build failed: openssl master.23943 Message-ID: <20190405003533.1.9C868A4378550923@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri Apr 5 01:38:40 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 05 Apr 2019 01:38:40 +0000 Subject: [openssl] master update Message-ID: <1554428320.818792.4863.nullmailer@dev.openssl.org> The branch master has been updated via 3538b0f7ad7c4b67788f444827718a89ffb5b08d (commit) from 0be2cc5eb3faa2c79a705fee5977fa49841c1799 (commit) - Log ----------------------------------------------------------------- commit 3538b0f7ad7c4b67788f444827718a89ffb5b08d Author: Pauli Date: Mon Apr 1 10:04:57 2019 +1000 Move the AES-XTS mode duplicated key check into the init_key function rather than the update call. The means an earlier error return at the cost of some duplicated code. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8625) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 4 + crypto/evp/e_aes.c | 126 +++++++++++++++++------------- crypto/evp/evp_err.c | 6 ++ include/openssl/evperr.h | 4 + test/recipes/30-test_evp_data/evpciph.txt | 2 +- 5 files changed, 86 insertions(+), 56 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 6782966..472413a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -754,13 +754,16 @@ ESS_F_ESS_SIGNING_CERT_NEW_INIT:102:ESS_SIGNING_CERT_new_init ESS_F_ESS_SIGNING_CERT_V2_ADD:105:ESS_SIGNING_CERT_V2_add ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT:103:ESS_SIGNING_CERT_V2_new_init EVP_F_AESNI_INIT_KEY:165:aesni_init_key +EVP_F_AESNI_XTS_INIT_KEY:232:aesni_xts_init_key EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl EVP_F_AES_GCM_TLS_CIPHER:207:aes_gcm_tls_cipher EVP_F_AES_INIT_KEY:133:aes_init_key EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key +EVP_F_AES_T4_XTS_INIT_KEY:233:aes_t4_xts_init_key EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher EVP_F_AES_XTS_CIPHER:229:aes_xts_cipher +EVP_F_AES_XTS_INIT_KEY:234:aes_xts_init_key EVP_F_ALG_MODULE_INIT:177:alg_module_init EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl @@ -2421,6 +2424,7 @@ EVP_R_UPDATE_ERROR:189:update error EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large +EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys KDF_R_INVALID_DIGEST:100:invalid digest KDF_R_INVALID_MAC_TYPE:116:invalid mac type KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index b628c05..4f98cdc 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -390,22 +390,33 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) { + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bits = bytes * 8; + + /* + * Verify that the two keys are different. + * + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ + if (memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + /* key_len is two AES keys */ if (enc) { - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aesni_encrypt; xctx->stream = aesni_xts_encrypt; } else { - aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aesni_decrypt; xctx->stream = aesni_xts_decrypt; } - aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); + aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); xctx->xts.block2 = (block128_f) aesni_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -796,7 +807,21 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) { - int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bits = bytes * 8; + + /* + * Verify that the two keys are different. + * + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ + if (memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + xctx->stream = NULL; /* key_len is two AES keys */ if (enc) { @@ -813,8 +838,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; } } else { - aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) aes_t4_decrypt; switch (bits) { case 128: @@ -828,9 +852,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } - aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); + aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); xctx->xts.block2 = (block128_f) aes_t4_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -3414,8 +3436,33 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; - if (key) + if (key) { do { + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bits = bytes * 8; + + /* + * Verify that the two keys are different. + * + * This addresses the vulnerability described in Rogaway's + * September 2004 paper: + * + * "Efficient Instantiations of Tweakable Blockciphers and + * Refinements to Modes OCB and PMAC". + * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) + * + * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states + * that: + * "The check for Key_1 != Key_2 shall be done at any place + * BEFORE using the keys in the XTS-AES algorithm to process + * data with them." + */ + if (memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + #ifdef AES_XTS_ASM xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; #else @@ -3425,26 +3472,20 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { if (enc) { - HWAES_set_encrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) HWAES_encrypt; # ifdef HWAES_xts_encrypt xctx->stream = HWAES_xts_encrypt; # endif } else { - HWAES_set_decrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) HWAES_decrypt; # ifdef HWAES_xts_decrypt xctx->stream = HWAES_xts_decrypt; #endif } - HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); + HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); xctx->xts.block2 = (block128_f) HWAES_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -3459,20 +3500,14 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { if (enc) { - vpaes_set_encrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) vpaes_encrypt; } else { - vpaes_set_decrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) vpaes_decrypt; } - vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); + vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); xctx->xts.block2 = (block128_f) vpaes_encrypt; xctx->xts.key1 = &xctx->ks1; @@ -3482,22 +3517,19 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, (void)0; /* terminate potentially open 'else' */ if (enc) { - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + AES_set_encrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) AES_encrypt; } else { - AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks1.ks); + AES_set_decrypt_key(key, bits, &xctx->ks1.ks); xctx->xts.block1 = (block128_f) AES_decrypt; } - AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); + AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); xctx->xts.block2 = (block128_f) AES_encrypt; xctx->xts.key1 = &xctx->ks1; } while (0); + } if (iv) { xctx->xts.key2 = &xctx->ks2; @@ -3530,22 +3562,6 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; } - /* - * Verify that the two keys are different. - * - * This addresses the vulnerability described in Rogaway's September 2004 - * paper (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf): - * "Efficient Instantiations of Tweakable Blockciphers and Refinements - * to Modes OCB and PMAC". - * - * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states that: - * "The check for Key_1 != Key_2 shall be done at any place BEFORE - * using the keys in the XTS-AES algorithm to process data with them." - */ - if (CRYPTO_memcmp(xctx->xts.key1, xctx->xts.key2, - EVP_CIPHER_CTX_key_length(ctx) / 2) == 0) - return 0; - if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index a3e01fd..1a4f381 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -15,13 +15,17 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_TLS_CIPHER, 0), "aes_gcm_tls_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), + "aes_t4_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, @@ -307,6 +311,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "wrong final block length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), "xts data unit is too large"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys"}, {0, NULL} }; diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 34d5e60..da16a10 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -24,13 +24,16 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 232 # define EVP_F_AES_GCM_CTRL 196 # define EVP_F_AES_GCM_TLS_CIPHER 207 # define EVP_F_AES_INIT_KEY 133 # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 233 # define EVP_F_AES_WRAP_CIPHER 170 # define EVP_F_AES_XTS_CIPHER 229 +# define EVP_F_AES_XTS_INIT_KEY 234 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 @@ -228,5 +231,6 @@ int ERR_load_EVP_strings(void); # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 # define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index c6a117c..7c87a6f 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -1184,7 +1184,7 @@ Key = 0000000000000000000000000000000000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e -Result = CIPHERUPDATE_ERROR +Result = KEY_SET_ERROR Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 From openssl at openssl.org Fri Apr 5 01:40:23 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Apr 2019 01:40:23 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1554428423.592292.16262.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: ecbfaef2aa trace: add PROVIDER_CONF trace category 69539990a8 Correct the documentation about SSL_CIPHER_description() fd3a904636 Skip the correct number of tests if SM2 is disabled 2a2bc6fc12 For provider tests, don't define a OPENSSL_NO_ macro 706b6333a6 Document the 'no-module' configuration option e321ba28e8 Correct EVP_F_EVP_MD_BLOCK_SIZE number From no-reply at appveyor.com Fri Apr 5 01:43:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 01:43:12 +0000 Subject: Build failed: openssl master.23948 Message-ID: <20190405014312.1.2E259A293AB602BD@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 5 01:56:15 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 01:56:15 +0000 Subject: Still Failing: openssl/openssl#24547 (master - 3538b0f) In-Reply-To: Message-ID: <5ca6b5bec682d_43fb94e8a81e8158247@2b2f2871-e097-4704-917c-370b12eefe0d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24547 Status: Still Failing Duration: 17 mins and 0 secs Commit: 3538b0f (master) Author: Pauli Message: Move the AES-XTS mode duplicated key check into the init_key function rather than the update call. The means an earlier error return at the cost of some duplicated code. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8625) View the changeset: https://github.com/openssl/openssl/compare/0be2cc5eb3fa...3538b0f7ad7c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/515993808?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 5 02:29:51 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 02:29:51 +0000 Subject: Build completed: openssl master.23949 Message-ID: <20190405022951.1.8DA04962ACC7CE8D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 5 02:42:30 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 02:42:30 +0000 Subject: Build failed: openssl master.23950 Message-ID: <20190405024230.1.4B054C049522DB87@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 5 03:33:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 03:33:42 +0000 Subject: Build completed: openssl master.23951 Message-ID: <20190405033342.1.F4DDE636237ECEDC@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 5 06:04:04 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Apr 2019 06:04:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554444244.936732.15785.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: ecbfaef2aa trace: add PROVIDER_CONF trace category 69539990a8 Correct the documentation about SSL_CIPHER_description() fd3a904636 Skip the correct number of tests if SM2 is disabled 2a2bc6fc12 For provider tests, don't define a OPENSSL_NO_ macro 706b6333a6 Document the 'no-module' configuration option e321ba28e8 Correct EVP_F_EVP_MD_BLOCK_SIZE number Build log ended with (last 100 lines): ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/02-test_internal_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/04-test_provider.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=168, Tests=1294, 247 wallclock secs ( 0.89 usr 0.40 sys + 220.54 cusr 12.13 csys = 233.96 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Fri Apr 5 08:41:17 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 05 Apr 2019 08:41:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554453677.007324.12594.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via c15ef410e1898224736813b8b8e50caf7e5eadba (commit) from 0cbfcc39042bb1ff16d4500979d34fcdae3ec602 (commit) - Log ----------------------------------------------------------------- commit c15ef410e1898224736813b8b8e50caf7e5eadba Author: Pauli Date: Fri Apr 5 14:43:18 2019 +1000 Add the prediction_resistance flag to the documentation. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8678) ----------------------------------------------------------------------- Summary of changes: doc/man3/RAND_DRBG_reseed.pod | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index da3a40b..a0a4e56 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -13,7 +13,8 @@ RAND_DRBG_set_reseed_defaults #include int RAND_DRBG_reseed(RAND_DRBG *drbg, - const unsigned char *adin, size_t adinlen); + const unsigned char *adin, size_t adinlen, + int prediction_resistance); int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); @@ -37,6 +38,10 @@ and mixing in the specified additional data provided in the buffer B of length B. The additional data can be omitted by setting B to NULL and B to 0. +An immediate reseeding from a live entropy source can be requested by setting +the B flag to 1. +This feature is not implemented yet, so reseeding with prediction resistance +requested will always fail. RAND_DRBG_set_reseed_interval() sets the reseed interval of the B, which is the maximum allowed number From builds at travis-ci.org Fri Apr 5 09:00:15 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 09:00:15 +0000 Subject: Still Failing: openssl/openssl#24554 (OpenSSL_1_1_1-stable - c15ef41) In-Reply-To: Message-ID: <5ca7191fa7368_43fd4395ac33063320@3913acb2-b7f2-4ca0-946b-0094b86f55fa.mail> Build Update for openssl/openssl ------------------------------------- Build: #24554 Status: Still Failing Duration: 18 mins and 15 secs Commit: c15ef41 (OpenSSL_1_1_1-stable) Author: Pauli Message: Add the prediction_resistance flag to the documentation. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8678) View the changeset: https://github.com/openssl/openssl/compare/0cbfcc39042b...c15ef410e189 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516086687?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Apr 5 09:30:41 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Apr 2019 09:30:41 +0000 Subject: [openssl] master update Message-ID: <1554456641.577808.11161.nullmailer@dev.openssl.org> The branch master has been updated via 0f5163bd1c9d993ec54b690b9da8d13efe089be0 (commit) from 3538b0f7ad7c4b67788f444827718a89ffb5b08d (commit) - Log ----------------------------------------------------------------- commit 0f5163bd1c9d993ec54b690b9da8d13efe089be0 Author: Richard Levitte Date: Fri Apr 5 11:15:23 2019 +0200 Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY and EVP_F_AES_XTS_INIT_KEY are affected. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8682) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 6 +++--- include/openssl/evperr.h | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 472413a..19a418f 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -754,16 +754,16 @@ ESS_F_ESS_SIGNING_CERT_NEW_INIT:102:ESS_SIGNING_CERT_new_init ESS_F_ESS_SIGNING_CERT_V2_ADD:105:ESS_SIGNING_CERT_V2_add ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT:103:ESS_SIGNING_CERT_V2_new_init EVP_F_AESNI_INIT_KEY:165:aesni_init_key -EVP_F_AESNI_XTS_INIT_KEY:232:aesni_xts_init_key +EVP_F_AESNI_XTS_INIT_KEY:233:aesni_xts_init_key EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl EVP_F_AES_GCM_TLS_CIPHER:207:aes_gcm_tls_cipher EVP_F_AES_INIT_KEY:133:aes_init_key EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key -EVP_F_AES_T4_XTS_INIT_KEY:233:aes_t4_xts_init_key +EVP_F_AES_T4_XTS_INIT_KEY:234:aes_t4_xts_init_key EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher EVP_F_AES_XTS_CIPHER:229:aes_xts_cipher -EVP_F_AES_XTS_INIT_KEY:234:aes_xts_init_key +EVP_F_AES_XTS_INIT_KEY:235:aes_xts_init_key EVP_F_ALG_MODULE_INIT:177:alg_module_init EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index da16a10..5d3c576 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -24,16 +24,16 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 -# define EVP_F_AESNI_XTS_INIT_KEY 232 +# define EVP_F_AESNI_XTS_INIT_KEY 233 # define EVP_F_AES_GCM_CTRL 196 # define EVP_F_AES_GCM_TLS_CIPHER 207 # define EVP_F_AES_INIT_KEY 133 # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 -# define EVP_F_AES_T4_XTS_INIT_KEY 233 +# define EVP_F_AES_T4_XTS_INIT_KEY 234 # define EVP_F_AES_WRAP_CIPHER 170 # define EVP_F_AES_XTS_CIPHER 229 -# define EVP_F_AES_XTS_INIT_KEY 234 +# define EVP_F_AES_XTS_INIT_KEY 235 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 From builds at travis-ci.org Fri Apr 5 09:56:02 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 09:56:02 +0000 Subject: Still Failing: openssl/openssl#24564 (master - 0f5163b) In-Reply-To: Message-ID: <5ca72632b3d32_43f8d78d778b0208550@f6b408e5-7770-41c4-86b4-066bfbce3867.mail> Build Update for openssl/openssl ------------------------------------- Build: #24564 Status: Still Failing Duration: 22 mins and 8 secs Commit: 0f5163b (master) Author: Richard Levitte Message: Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY and EVP_F_AES_XTS_INIT_KEY are affected. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8682) View the changeset: https://github.com/openssl/openssl/compare/3538b0f7ad7c...0f5163bd1c9d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516105405?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Apr 5 10:40:44 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Apr 2019 10:40:44 +0000 Subject: [openssl] master update Message-ID: <1554460844.979920.22157.nullmailer@dev.openssl.org> The branch master has been updated via e3af453baceee7401ba0c5044a4c3aeaf246406f (commit) from 0f5163bd1c9d993ec54b690b9da8d13efe089be0 (commit) - Log ----------------------------------------------------------------- commit e3af453baceee7401ba0c5044a4c3aeaf246406f Author: Richard Levitte Date: Fri Apr 5 10:28:32 2019 +0200 OPENSSL_init_crypto(): check config return code correctly It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8679) ----------------------------------------------------------------------- Summary of changes: crypto/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/init.c b/crypto/init.c index 463da98..43fe1a6 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -670,7 +670,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) ret = RUN_ONCE(&config, ossl_init_config); conf_settings = NULL; CRYPTO_THREAD_unlock(init_lock); - if (!ret) + if (ret <= 0) return 0; } From levitte at openssl.org Fri Apr 5 10:41:24 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Apr 2019 10:41:24 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554460884.687438.23186.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b7534359306754b90a4f18aa5231477510488713 (commit) from c15ef410e1898224736813b8b8e50caf7e5eadba (commit) - Log ----------------------------------------------------------------- commit b7534359306754b90a4f18aa5231477510488713 Author: Richard Levitte Date: Fri Apr 5 10:28:32 2019 +0200 OPENSSL_init_crypto(): check config return code correctly It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8679) (cherry picked from commit e3af453baceee7401ba0c5044a4c3aeaf246406f) ----------------------------------------------------------------------- Summary of changes: crypto/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/init.c b/crypto/init.c index dc6ec39..afb2133 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -702,7 +702,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) ret = RUN_ONCE(&config, ossl_init_config); conf_settings = NULL; CRYPTO_THREAD_unlock(init_lock); - if (!ret) + if (ret <= 0) return 0; } From levitte at openssl.org Fri Apr 5 10:52:24 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Apr 2019 10:52:24 +0000 Subject: [openssl] master update Message-ID: <1554461544.220187.25835.nullmailer@dev.openssl.org> The branch master has been updated via bc362b9b72021c2a066102f4f6bee5afc981e07a (commit) via 0196ad63d385bcf4382266268d5be074461d3739 (commit) via 71849dff56d62802bef11b0643446588ae25122e (commit) from e3af453baceee7401ba0c5044a4c3aeaf246406f (commit) - Log ----------------------------------------------------------------- commit bc362b9b72021c2a066102f4f6bee5afc981e07a Author: Richard Levitte Date: Fri Apr 5 11:20:28 2019 +0200 Convert the ENGINE_CONF trace calls to use CONF instead Additionally, merge ENGINE_CONF into CONF. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8680) commit 0196ad63d385bcf4382266268d5be074461d3739 Author: Richard Levitte Date: Fri Apr 5 11:02:17 2019 +0200 Add a bit of tracing in the core conf module runner Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8680) commit 71849dff56d62802bef11b0643446588ae25122e Author: Richard Levitte Date: Fri Apr 5 10:58:16 2019 +0200 Rename the PROVIDER_CONF trace to CONF Other configuration modules may have use for tracing, and having one tracing category for each of them is a bit much. Instead, we make one category for them all. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8680) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_mod.c | 4 ++++ crypto/engine/eng_cnf.c | 6 +++--- crypto/provider_conf.c | 19 ++++++++++++------- crypto/trace.c | 3 +-- include/openssl/trace.h | 5 ++--- 5 files changed, 22 insertions(+), 15 deletions(-) diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 3ad09a7..56b1946 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -14,6 +14,7 @@ #include "internal/conf.h" #include "internal/dso.h" #include +#include #define DSO_mod_init_name "OPENSSL_init" #define DSO_mod_finish_name "OPENSSL_finish" @@ -92,6 +93,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, return 1; } + OSSL_TRACE1(CONF, "Configuration in section %s\n", vsection); values = NCONF_get_section(cnf, vsection); if (!values) @@ -100,6 +102,8 @@ int CONF_modules_load(const CONF *cnf, const char *appname, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { vl = sk_CONF_VALUE_value(values, i); ret = module_run(cnf, vl->name, vl->value, flags); + OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n", + vl->name, vl->value, ret); if (ret <= 0) if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) return ret; diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index c87a8a1..9f647c4 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -49,7 +49,7 @@ static int int_engine_configure(const char *name, const char *value, const CONF int soft = 0; name = skip_dot(name); - OSSL_TRACE1(ENGINE_CONF, "Configuring engine %s\n", name); + OSSL_TRACE1(CONF, "Configuring engine %s\n", name); /* Value is a section containing ENGINE commands */ ecmds = NCONF_get_section(cnf, value); @@ -63,7 +63,7 @@ static int int_engine_configure(const char *name, const char *value, const CONF ecmd = sk_CONF_VALUE_value(ecmds, i); ctrlname = skip_dot(ecmd->name); ctrlvalue = ecmd->value; - OSSL_TRACE2(ENGINE_CONF, "ENGINE conf: doing ctrl(%s,%s)\n", + OSSL_TRACE2(CONF, "ENGINE: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue); /* First handle some special pseudo ctrls */ @@ -148,7 +148,7 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) STACK_OF(CONF_VALUE) *elist; CONF_VALUE *cval; int i; - OSSL_TRACE2(ENGINE_CONF, "Called engine module: name %s, value %s\n", + OSSL_TRACE2(CONF, "Called engine module: name %s, value %s\n", CONF_imodule_get_name(md), CONF_imodule_get_value(md)); /* Value is a section containing ENGINEs to configure */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index 9d9b7a1..74162a8 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -35,14 +35,14 @@ static int provider_conf_params(OSSL_PROVIDER *prov, STACK_OF(CONF_VALUE) *sect; int ok = 1; - OSSL_TRACE2(PROVIDER_CONF, "PROVIDER conf: %s = %s\n", name, value); - sect = NCONF_get_section(cnf, value); if (sect != NULL) { int i; char buffer[512]; size_t buffer_len = 0; + OSSL_TRACE1(CONF, "Provider params: start section %s\n", value); + if (name != NULL) { OPENSSL_strlcpy(buffer, name, sizeof(buffer)); OPENSSL_strlcat(buffer, ".", sizeof(buffer)); @@ -59,7 +59,10 @@ static int provider_conf_params(OSSL_PROVIDER *prov, if (!provider_conf_params(prov, buffer, sectconf->value, cnf)) return 0; } + + OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value); } else { + OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value); ok = ossl_provider_add_parameter(prov, name, value); } @@ -78,7 +81,7 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name, int ok = 0; name = skip_dot(name); - OSSL_TRACE1(PROVIDER_CONF, "Configuring provider %s\n", name); + OSSL_TRACE1(CONF, "Configuring provider %s\n", name); /* Value is a section containing PROVIDER commands */ ecmds = NCONF_get_section(cnf, value); @@ -93,7 +96,7 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name, const char *confname = skip_dot(ecmd->name); const char *confvalue = ecmd->value; - OSSL_TRACE2(PROVIDER_CONF, "PROVIDER conf: %s = %s\n", + OSSL_TRACE2(CONF, "Provider command: %s = %s\n", confname, confvalue); /* First handle some special pseudo confs */ @@ -145,8 +148,9 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) CONF_VALUE *cval; int i; - OSSL_TRACE2(PROVIDER_CONF, "Loading provider module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + OSSL_TRACE1(CONF, "Loading providers module: section %s\n", + CONF_imodule_get_value(md)); + /* Value is a section containing PROVIDERs to configure */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); @@ -170,10 +174,11 @@ static void provider_conf_deinit(CONF_IMODULE *md) { sk_OSSL_PROVIDER_pop_free(activated_providers, ossl_provider_free); activated_providers = NULL; - OSSL_TRACE(PROVIDER_CONF, "Cleaned up providers\n"); + OSSL_TRACE(CONF, "Cleaned up providers\n"); } void ossl_provider_add_conf_module(void) { + OSSL_TRACE(CONF, "Adding config module 'providers'\n"); CONF_module_add("providers", provider_conf_init, provider_conf_deinit); } diff --git a/crypto/trace.c b/crypto/trace.c index c9623b0..ecfc6d4 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -124,7 +124,7 @@ static const struct trace_category_st trace_categories[] = { TRACE_CATEGORY_(INIT), TRACE_CATEGORY_(TLS), TRACE_CATEGORY_(TLS_CIPHER), - TRACE_CATEGORY_(ENGINE_CONF), + TRACE_CATEGORY_(CONF), TRACE_CATEGORY_(ENGINE_TABLE), TRACE_CATEGORY_(ENGINE_REF_COUNT), TRACE_CATEGORY_(PKCS5V2), @@ -132,7 +132,6 @@ static const struct trace_category_st trace_categories[] = { TRACE_CATEGORY_(PKCS12_DECRYPT), TRACE_CATEGORY_(X509V3_POLICY), TRACE_CATEGORY_(BN_CTX), - TRACE_CATEGORY_(PROVIDER_CONF), }; const char *OSSL_trace_get_category_name(int num) diff --git a/include/openssl/trace.h b/include/openssl/trace.h index aff1a32..79598ab 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h @@ -41,7 +41,7 @@ extern "C" { # define OSSL_TRACE_CATEGORY_INIT 2 # define OSSL_TRACE_CATEGORY_TLS 3 # define OSSL_TRACE_CATEGORY_TLS_CIPHER 4 -# define OSSL_TRACE_CATEGORY_ENGINE_CONF 5 +# define OSSL_TRACE_CATEGORY_CONF 5 # define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 # define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 # define OSSL_TRACE_CATEGORY_PKCS5V2 8 @@ -49,8 +49,7 @@ extern "C" { # define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 # define OSSL_TRACE_CATEGORY_X509V3_POLICY 11 # define OSSL_TRACE_CATEGORY_BN_CTX 12 -# define OSSL_TRACE_CATEGORY_PROVIDER_CONF 13 -# define OSSL_TRACE_CATEGORY_NUM 14 +# define OSSL_TRACE_CATEGORY_NUM 13 /* Returns the trace category number for the given |name| */ int OSSL_trace_get_category_num(const char *name); From builds at travis-ci.org Fri Apr 5 11:04:52 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 11:04:52 +0000 Subject: Still Failing: openssl/openssl#24573 (master - e3af453) In-Reply-To: Message-ID: <5ca7365442300_43f997d57988c22667d@1a72a56c-a120-4515-a0ec-9595f036005d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24573 Status: Still Failing Duration: 23 mins and 35 secs Commit: e3af453 (master) Author: Richard Levitte Message: OPENSSL_init_crypto(): check config return code correctly It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8679) View the changeset: https://github.com/openssl/openssl/compare/0f5163bd1c9d...e3af453bacee View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516129183?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 5 11:25:20 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 11:25:20 +0000 Subject: Still Failing: openssl/openssl#24576 (master - bc362b9) In-Reply-To: Message-ID: <5ca73b2087bd_43fd4395b7e249651d@3913acb2-b7f2-4ca0-946b-0094b86f55fa.mail> Build Update for openssl/openssl ------------------------------------- Build: #24576 Status: Still Failing Duration: 22 mins and 13 secs Commit: bc362b9 (master) Author: Richard Levitte Message: Convert the ENGINE_CONF trace calls to use CONF instead Additionally, merge ENGINE_CONF into CONF. Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8680) View the changeset: https://github.com/openssl/openssl/compare/e3af453bacee...bc362b9b7202 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516132695?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 5 11:14:14 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 11:14:14 +0000 Subject: Still Failing: openssl/openssl#24574 (OpenSSL_1_1_1-stable - b753435) In-Reply-To: Message-ID: <5ca7388683728_43fe8e1330c0c2279a4@7d329c44-9bbd-4c46-853d-baa7bf57206c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24574 Status: Still Failing Duration: 22 mins and 52 secs Commit: b753435 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: OPENSSL_init_crypto(): check config return code correctly It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8679) (cherry picked from commit e3af453baceee7401ba0c5044a4c3aeaf246406f) View the changeset: https://github.com/openssl/openssl/compare/c15ef410e189...b75343593067 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516129396?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Apr 5 13:53:43 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Apr 2019 13:53:43 +0000 Subject: [openssl] master update Message-ID: <1554472423.434593.23139.nullmailer@dev.openssl.org> The branch master has been updated via de3955f66225e42bfae710c50b51c98aa4616ac1 (commit) via cb92964563a053d5d9c0810912fa6d3ff35c1e16 (commit) from bc362b9b72021c2a066102f4f6bee5afc981e07a (commit) - Log ----------------------------------------------------------------- commit de3955f66225e42bfae710c50b51c98aa4616ac1 Author: Richard Levitte Date: Fri Apr 5 10:53:11 2019 +0200 EVP configuration section: add 'default_properties' command The value of the 'default_properties' command is simply passed to EVP_set_default_properties(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8681) commit cb92964563a053d5d9c0810912fa6d3ff35c1e16 Author: Richard Levitte Date: Fri Apr 5 10:46:18 2019 +0200 EVP_set_default_properties(): New function to set global properties EVP_MD_fetch() can be given a property query string. However, there are cases when it won't, for example in implicit fetches. Therefore, we also need a way to set a global property query string to be used in all subsequent fetches. This also applies to all future algorithm fetching functions. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8681) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/evp_cnf.c | 22 +++++++++++--- crypto/evp/evp_err.c | 2 ++ crypto/evp/evp_fetch.c | 13 +++++++-- doc/man3/EVP_MD_fetch.pod | 11 ++++--- doc/man3/EVP_set_default_properties.pod | 52 +++++++++++++++++++++++++++++++++ doc/man5/config.pod | 29 +++++++++++++++--- include/openssl/evp.h | 2 ++ include/openssl/evperr.h | 1 + util/libcrypto.num | 1 + 10 files changed, 120 insertions(+), 14 deletions(-) create mode 100644 doc/man3/EVP_set_default_properties.pod diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 19a418f..a3d15c9 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -858,6 +858,7 @@ EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify EVP_F_EVP_PKEY_VERIFY_INIT:143:EVP_PKEY_verify_init EVP_F_EVP_PKEY_VERIFY_RECOVER:144:EVP_PKEY_verify_recover EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT:145:EVP_PKEY_verify_recover_init +EVP_F_EVP_SET_DEFAULT_PROPERTIES:236:EVP_set_default_properties EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal EVP_F_GMAC_CTRL:215:gmac_ctrl diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index f75ea67..7cfa0a2 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -13,9 +13,11 @@ #include #include #include +#include /* Algorithm configuration module. */ +/* TODO(3.0): the config module functions should be passed a library context */ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) { int i; @@ -23,6 +25,9 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *oval; + OSSL_TRACE2(CONF, "Loading EVP module: name %s, value %s\n", + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + oid_section = CONF_imodule_get_value(md); if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); @@ -32,18 +37,26 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) oval = sk_CONF_VALUE_value(sktmp, i); if (strcmp(oval->name, "fips_mode") == 0) { int m; + if (!X509V3_get_value_bool(oval, &m)) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); return 0; } - if (m > 0) { - EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); - return 0; - } + /* + * fips_mode is deprecated and should not be used in new + * configurations. Old configurations are likely to ONLY + * have this, so we assume that no default properties have + * been set before this. + */ + if (m > 0) + EVP_set_default_properties(NULL, "fips=yes"); + } else if (strcmp(oval->name, "default_properties") == 0) { + EVP_set_default_properties(NULL, oval->value); } else { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); ERR_add_error_data(4, "name=", oval->name, ", value=", oval->value); + return 0; } } @@ -52,5 +65,6 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) void EVP_add_alg_module(void) { + OSSL_TRACE(CONF, "Adding config module 'alg_section'\n"); CONF_module_add("alg_section", alg_module_init, 0); } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 1a4f381..a9f8800 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -156,6 +156,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { "EVP_PKEY_verify_recover"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0), "EVP_PKEY_verify_recover_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SET_DEFAULT_PROPERTIES, 0), + "EVP_set_default_properties"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_GMAC_CTRL, 0), "gmac_ctrl"}, diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index e50dd59..329129d 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -78,8 +78,7 @@ static void *alloc_tmp_method_store(void) ossl_method_store_free(store); } -static -struct OSSL_METHOD_STORE *get_default_method_store(OPENSSL_CTX *libctx) +static OSSL_METHOD_STORE *get_default_method_store(OPENSSL_CTX *libctx) { if (!RUN_ONCE(&default_method_store_init_flag, do_default_method_store_init)) @@ -195,3 +194,13 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, return method; } + +int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) +{ + OSSL_METHOD_STORE *store = get_default_method_store(libctx); + + if (store != NULL) + return ossl_method_store_set_global_properties(store, propq); + EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); + return 0; +} diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod index 9653604..cba3bc4 100644 --- a/doc/man3/EVP_MD_fetch.pod +++ b/doc/man3/EVP_MD_fetch.pod @@ -39,9 +39,11 @@ algorithm from the default provider. With explicit fetch an application uses the EVP_MD_fetch() function to obtain an algorithm implementation. An implementation with the given name and -satisfying the search criteria specified in the B parameter will be -looked for within the available providers and returned. See L -for information about providers. +satisfying the search criteria specified in the B parameter +combined with the default search criteria will be looked for within the +available providers and returned. +See L for information on default search criteria +and L for information about providers. =item User defined @@ -156,7 +158,8 @@ other providers: =head1 SEE ALSO L, L, L, -L, L, L +L, L, L, +L =head1 HISTORY diff --git a/doc/man3/EVP_set_default_properties.pod b/doc/man3/EVP_set_default_properties.pod new file mode 100644 index 0000000..077913c --- /dev/null +++ b/doc/man3/EVP_set_default_properties.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_set_default_properties +- Set default properties for future algorithm fetches + +=head1 SYNOPSIS + + #include + + int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); + +=head1 DESCRIPTION + +EVP_set_default_properties() sets the default properties for all +future EVP algorithm fetches, implicit as well as explicit. + +=for comment TODO(3.0) We should consider having an EVP document in +section 7 that details everything about implicit vs explicit fetches +and how they relate to properties. + +EVP_set_default_properties stores the properties given with the string +I among the EVP data that's been stored in the library context +given with I (NULL signifies the default library context). + +Any previous default property for the specified library context will +be dropped. + +=head1 RETURN VALUES + +EVP_set_default_properties() returns 1 on success, or 0 on failure. +The latter adds an error on the error stack. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 985b07f..cac4ef6 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -274,12 +274,33 @@ available to the provider. =head2 EVP Configuration Module -This modules has the name B which points to a section containing +This module has the name B which points to a section containing algorithm commands. -Currently the only algorithm command supported is B whose -value can only be the boolean string B. If B is set to B, -an error occurs as this library version is not FIPS capable. +The supported algorithm commands are: + +=over 4 + +=item B + +The value may be anything that is acceptable as a property query +string for EVP_set_default_properties(). + +=item B (deprecated) + +The value is a boolean that can be B or B. If the value is +B, this is exactly equivalent to: + + default_properties = fips=yes + +If the value is B, nothing happens. + +=back + +These two commands should not be used together, as there is no control +over how they affect each other. +The use of B is strongly discouraged and is only present +for backward compatibility with earlier OpenSSL FIPS modules. =head2 SSL Configuration Module diff --git a/include/openssl/evp.h b/include/openssl/evp.h index db8eec1..a903b29 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -69,6 +69,8 @@ extern "C" { #endif +int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); + # define EVP_PKEY_MO_SIGN 0x0001 # define EVP_PKEY_MO_VERIFY 0x0002 # define EVP_PKEY_MO_ENCRYPT 0x0004 diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 5d3c576..e62cfb3 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -128,6 +128,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_VERIFY_INIT 143 # define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 # define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SET_DEFAULT_PROPERTIES 236 # define EVP_F_EVP_SIGNFINAL 107 # define EVP_F_EVP_VERIFYFINAL 108 # define EVP_F_GMAC_CTRL 215 diff --git a/util/libcrypto.num b/util/libcrypto.num index 5b488d0..6388973 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4793,3 +4793,4 @@ X509_get0_sm2_id 4740 3_0_0 EXIST::FUNCTION:SM2 EVP_PKEY_get0_engine 4741 3_0_0 EXIST::FUNCTION:ENGINE EVP_MD_upref 4742 3_0_0 EXIST::FUNCTION: EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION: +EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Fri Apr 5 14:09:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 14:09:14 +0000 Subject: Build failed: openssl master.23982 Message-ID: <20190405140914.1.3CDD38970926C7CB@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 5 14:14:27 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Apr 2019 14:14:27 +0000 Subject: Still Failing: openssl/openssl#24581 (master - de3955f) In-Reply-To: Message-ID: <5ca762c38c78c_43ff060395ab8293517@09c6fc6a-4942-4951-ba2f-4fb8a9ba11a9.mail> Build Update for openssl/openssl ------------------------------------- Build: #24581 Status: Still Failing Duration: 20 mins and 8 secs Commit: de3955f (master) Author: Richard Levitte Message: EVP configuration section: add 'default_properties' command The value of the 'default_properties' command is simply passed to EVP_set_default_properties(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8681) View the changeset: https://github.com/openssl/openssl/compare/bc362b9b7202...de3955f66225 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516204322?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 5 14:20:35 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Apr 2019 14:20:35 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sm2 Message-ID: <1554474035.647068.23075.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm2 Commit log since last time: ecbfaef2aa trace: add PROVIDER_CONF trace category 69539990a8 Correct the documentation about SSL_CIPHER_description() fd3a904636 Skip the correct number of tests if SM2 is disabled 2a2bc6fc12 For provider tests, don't define a OPENSSL_NO_ macro 706b6333a6 Document the 'no-module' configuration option e321ba28e8 Correct EVP_F_EVP_MD_BLOCK_SIZE number From openssl at openssl.org Fri Apr 5 14:28:09 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Apr 2019 14:28:09 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sm3 Message-ID: <1554474489.053495.20039.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sm3 Commit log since last time: ecbfaef2aa trace: add PROVIDER_CONF trace category 69539990a8 Correct the documentation about SSL_CIPHER_description() fd3a904636 Skip the correct number of tests if SM2 is disabled 2a2bc6fc12 For provider tests, don't define a OPENSSL_NO_ macro 706b6333a6 Document the 'no-module' configuration option e321ba28e8 Correct EVP_F_EVP_MD_BLOCK_SIZE number From no-reply at appveyor.com Fri Apr 5 14:38:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 14:38:58 +0000 Subject: Build completed: openssl master.23983 Message-ID: <20190405143858.1.4F89465441D14727@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 5 17:00:37 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Apr 2019 17:00:37 +0000 Subject: Build failed: openssl master.23988 Message-ID: <20190405170037.1.5B25C51DD3D6B5C6@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sat Apr 6 08:19:13 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 06 Apr 2019 08:19:13 +0000 Subject: [openssl] master update Message-ID: <1554538753.874984.23981.nullmailer@dev.openssl.org> The branch master has been updated via 8cf85d489978c384a3f193fb7cb25469e0559f27 (commit) from de3955f66225e42bfae710c50b51c98aa4616ac1 (commit) - Log ----------------------------------------------------------------- commit 8cf85d489978c384a3f193fb7cb25469e0559f27 Author: Bernd Edlinger Date: Sun Mar 31 12:00:16 2019 +0200 Fix the allocation size in EVP_OpenInit and PEM_SignFinal Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8620) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_open.c | 2 +- crypto/pem/pem_sign.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index c9cd9b1..a141eb4 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, } size = EVP_PKEY_size(priv); - key = OPENSSL_malloc(size + 2); + key = OPENSSL_malloc(size); if (key == NULL) { /* ERROR */ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index d8f6d07..4be03a4 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -31,7 +31,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, int i, ret = 0; unsigned int m_len; - m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); + m = OPENSSL_malloc(EVP_PKEY_size(pkey)); if (m == NULL) { PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); goto err; From bernd.edlinger at hotmail.de Sat Apr 6 08:20:18 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 06 Apr 2019 08:20:18 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554538818.976433.25589.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8851d3728725885d06db2ff4ef5e5ea3a080deef (commit) from b7534359306754b90a4f18aa5231477510488713 (commit) - Log ----------------------------------------------------------------- commit 8851d3728725885d06db2ff4ef5e5ea3a080deef Author: Bernd Edlinger Date: Sun Mar 31 12:00:16 2019 +0200 Fix the allocation size in EVP_OpenInit and PEM_SignFinal Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8620) (cherry picked from commit 8cf85d489978c384a3f193fb7cb25469e0559f27) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_open.c | 2 +- crypto/pem/pem_sign.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index f2976f8..7dcb95b 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, } size = EVP_PKEY_size(priv); - key = OPENSSL_malloc(size + 2); + key = OPENSSL_malloc(size); if (key == NULL) { /* ERROR */ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index 9662eb1..06fce45 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -31,7 +31,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, int i, ret = 0; unsigned int m_len; - m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); + m = OPENSSL_malloc(EVP_PKEY_size(pkey)); if (m == NULL) { PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); goto err; From builds at travis-ci.org Sat Apr 6 08:50:06 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 06 Apr 2019 08:50:06 +0000 Subject: Still Failing: openssl/openssl#24592 (OpenSSL_1_1_1-stable - 8851d37) In-Reply-To: Message-ID: <5ca8683e10ef6_43f864c3c172c197850@d767ea10-1af2-4934-91db-41101ee13491.mail> Build Update for openssl/openssl ------------------------------------- Build: #24592 Status: Still Failing Duration: 25 mins and 14 secs Commit: 8851d37 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix the allocation size in EVP_OpenInit and PEM_SignFinal Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8620) (cherry picked from commit 8cf85d489978c384a3f193fb7cb25469e0559f27) View the changeset: https://github.com/openssl/openssl/compare/b75343593067...8851d3728725 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516514411?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sat Apr 6 08:38:35 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 06 Apr 2019 08:38:35 +0000 Subject: Still Failing: openssl/openssl#24591 (master - 8cf85d4) In-Reply-To: Message-ID: <5ca8658b612b4_43fb93c3bb03492463@6cd706bc-2cf4-45d6-9d2e-09419c3b798d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24591 Status: Still Failing Duration: 18 mins and 37 secs Commit: 8cf85d4 (master) Author: Bernd Edlinger Message: Fix the allocation size in EVP_OpenInit and PEM_SignFinal Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8620) View the changeset: https://github.com/openssl/openssl/compare/de3955f66225...8cf85d489978 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516514232?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sat Apr 6 09:16:05 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 06 Apr 2019 09:16:05 +0000 Subject: [openssl] master update Message-ID: <1554542165.824694.4928.nullmailer@dev.openssl.org> The branch master has been updated via 6ce84e64102c9df984e3a00af12eb797c398563f (commit) from 8cf85d489978c384a3f193fb7cb25469e0559f27 (commit) - Log ----------------------------------------------------------------- commit 6ce84e64102c9df984e3a00af12eb797c398563f Author: Pauli Date: Sat Apr 6 19:15:44 2019 +1000 Fix big endian param API tests. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8629) ----------------------------------------------------------------------- Summary of changes: crypto/params.c | 4 ++ test/params_api_test.c | 188 +++++++++++++++++++++++-------------------------- 2 files changed, 91 insertions(+), 101 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 8eef736..465bb32 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -382,6 +382,10 @@ int OSSL_PARAM_set_BN(const OSSL_PARAM *p, const BIGNUM *val) if (val == NULL || p->data_type != OSSL_PARAM_UNSIGNED_INTEGER) return 0; + /* For the moment, only positive values are permitted */ + if (BN_is_negative(val)) + return 0; + bytes = (size_t)BN_num_bytes(val); SET_RETURN_SIZE(p, bytes); return p->data_size >= bytes diff --git a/test/params_api_test.c b/test/params_api_test.c index 15dfb16..94487d6 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -26,7 +26,15 @@ static void swap_copy(unsigned char *out, const void *in, size_t len) out[j] = ((unsigned char *)in)[len - j - 1]; } -static void copy_to_le(unsigned char *out, const void *in, size_t len) +/* + * A memory copy that converts the native byte ordering either to or from + * little endian format. + * + * On a little endian machine copying either is just a memcpy(3), on a + * big endian machine copying from native to or from little endian involves + * byte reversal. + */ +static void le_copy(unsigned char *out, const void *in, size_t len) { DECLARE_IS_ENDIAN; @@ -36,16 +44,6 @@ static void copy_to_le(unsigned char *out, const void *in, size_t len) swap_copy(out, in, len); } -static void copy_be_to_native(unsigned char *out, const void *in, size_t len) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - swap_copy(out, in, len); - else - memcpy(out, in, len); -} - static const struct { size_t len; unsigned char value[MAX_LEN]; @@ -60,8 +58,8 @@ static const struct { 0x89, 0x67, 0xf2, 0x68, 0x33, 0xa0, 0x14, 0xb0 } }, }; -static int test_param_type_extra(const OSSL_PARAM *param, unsigned char *cmp, - size_t width) +static int test_param_type_extra(const OSSL_PARAM *param, + const unsigned char *cmp, size_t width) { int32_t i32; int64_t i64; @@ -85,17 +83,17 @@ static int test_param_type_extra(const OSSL_PARAM *param, unsigned char *cmp, /* Check signed types */ if (bit32) { - copy_to_le(buf, &i32, sizeof(i32)); + le_copy(buf, &i32, sizeof(i32)); sz = sizeof(i32) < width ? sizeof(i32) : width; if (!TEST_mem_eq(buf, sz, cmp, sz)) return 0; } - copy_to_le(buf, &i64, sizeof(i64)); + le_copy(buf, &i64, sizeof(i64)); sz = sizeof(i64) < width ? sizeof(i64) : width; if (!TEST_mem_eq(buf, sz, cmp, sz)) return 0; if (sizet && !signd) { - copy_to_le(buf, &s, sizeof(s)); + le_copy(buf, &s, sizeof(s)); sz = sizeof(s) < width ? sizeof(s) : width; if (!TEST_mem_eq(buf, sz, cmp, sz)) return 0; @@ -133,268 +131,257 @@ static int test_param_type_extra(const OSSL_PARAM *param, unsigned char *cmp, static int test_param_int(int n) { int in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(int)]; + unsigned char buf[MAX_LEN], cmp[sizeof(int)]; const size_t len = raw_values[n].len >= sizeof(int) ? sizeof(int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int("a", NULL); memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_int(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_int(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(int)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(int)); } static int test_param_long(int n) { long int in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(long int)]; + unsigned char buf[MAX_LEN], cmp[sizeof(long int)]; const size_t len = raw_values[n].len >= sizeof(long int) ? sizeof(long int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_long("a", NULL); memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_long(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_long(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(long int)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(long int)); } static int test_param_uint(int n) { unsigned int in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(unsigned int)]; + unsigned char buf[MAX_LEN], cmp[sizeof(unsigned int)]; const size_t len = raw_values[n].len >= sizeof(unsigned int) ? sizeof(unsigned int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_uint(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(unsigned int)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(unsigned int)); } static int test_param_ulong(int n) { unsigned long int in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(unsigned long int)]; + unsigned char buf[MAX_LEN], cmp[sizeof(unsigned long int)]; const size_t len = raw_values[n].len >= sizeof(unsigned long int) ? sizeof(unsigned long int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_ulong("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_ulong(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_ulong(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(unsigned long int)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(unsigned long int)); } static int test_param_int32(int n) { int32_t in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(int32_t)]; + unsigned char buf[MAX_LEN], cmp[sizeof(int32_t)]; const size_t len = raw_values[n].len >= sizeof(int32_t) ? sizeof(int32_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int32("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_int32(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_int32(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(int32_t)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(int32_t)); } static int test_param_uint32(int n) { uint32_t in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(uint32_t)]; + unsigned char buf[MAX_LEN], cmp[sizeof(uint32_t)]; const size_t len = raw_values[n].len >= sizeof(uint32_t) ? sizeof(uint32_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint32("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_uint32(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint32(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(uint32_t)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(uint32_t)); } static int test_param_int64(int n) { int64_t in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(int64_t)]; + unsigned char buf[MAX_LEN], cmp[sizeof(int64_t)]; const size_t len = raw_values[n].len >= sizeof(int64_t) ? sizeof(int64_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int64("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_int64(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_int64(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(int64_t)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(int64_t)); } static int test_param_uint64(int n) { uint64_t in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(uint64_t)]; + unsigned char buf[MAX_LEN], cmp[sizeof(uint64_t)]; const size_t len = raw_values[n].len >= sizeof(uint64_t) ? sizeof(uint64_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint64("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_uint64(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint64(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(uint64_t)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(uint64_t)); } static int test_param_size_t(int n) { size_t in, out; - unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(size_t)]; + unsigned char buf[MAX_LEN], cmp[sizeof(size_t)]; const size_t len = raw_values[n].len >= sizeof(size_t) ? sizeof(size_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_size_t("a", NULL); + memset(buf, 0, sizeof(buf)); - memset(le, 0, sizeof(le)); - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); + le_copy(buf, raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); param.data = &out; if (!TEST_true(OSSL_PARAM_set_size_t(¶m, in))) return 0; - copy_to_le(cmp, &out, sizeof(out)); - if (!TEST_mem_eq(cmp, len, le, len)) + le_copy(cmp, &out, sizeof(out)); + if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; param.data = buf; if (!TEST_true(OSSL_PARAM_get_size_t(¶m, &in))) return 0; - copy_to_le(cmp, &in, sizeof(in)); - if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in))) + le_copy(cmp, &in, sizeof(in)); + if (!TEST_mem_eq(cmp, sizeof(in), raw_values[n].value, sizeof(in))) return 0; param.data = &out; - return test_param_type_extra(¶m, le, sizeof(size_t)); + return test_param_type_extra(¶m, raw_values[n].value, sizeof(size_t)); } static int test_param_bignum(int n) { - unsigned char buf[MAX_LEN], bnbuf[MAX_LEN], le[MAX_LEN]; + unsigned char buf[MAX_LEN], bnbuf[MAX_LEN]; const size_t len = raw_values[n].len; size_t bnsize; BIGNUM *b = NULL, *c = NULL; @@ -406,9 +393,8 @@ static int test_param_bignum(int n) param.data_size = len; param.return_size = &bnsize; - copy_be_to_native(buf, raw_values[n].value, len); - swap_copy(le, raw_values[n].value, len); - if (!TEST_ptr(b = BN_bin2bn(raw_values[n].value, (int)len, NULL))) + le_copy(buf, raw_values[n].value, len); + if (!TEST_ptr(b = BN_lebin2bn(raw_values[n].value, (int)len, NULL))) goto err; if (!TEST_true(OSSL_PARAM_set_BN(¶m, b)) From pauli at openssl.org Sat Apr 6 09:17:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 06 Apr 2019 09:17:23 +0000 Subject: [openssl] master update Message-ID: <1554542243.415627.6785.nullmailer@dev.openssl.org> The branch master has been updated via 23dc8feba817560485da00d690d7b7b9e5b15682 (commit) from 6ce84e64102c9df984e3a00af12eb797c398563f (commit) - Log ----------------------------------------------------------------- commit 23dc8feba817560485da00d690d7b7b9e5b15682 Author: FdaSilvaYY Date: Sat Apr 6 19:16:59 2019 +1000 Coverity: fix two minor NPD issues. Found by Coverity. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8274) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_lib.c | 6 ++++-- crypto/ex_data.c | 9 +++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 606563a..13d061b 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) { OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret)); - if (ret != NULL) - memset(ret, 0, sizeof(*ret)); + if (ret == NULL) + return NULL; + + memset(ret, 0, sizeof(*ret)); ret->flags = DEFAULT_CONF_MFLAGS; return ret; diff --git a/crypto/ex_data.c b/crypto/ex_data.c index a728bfb..5f83191 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -235,7 +235,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) return 0; } for (i = 0; i < mx; i++) { - if (storage[i] && storage[i]->new_func) { + if (storage[i] != NULL && storage[i]->new_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); storage[i]->new_func(obj, ptr, ad, i, storage[i]->argl, storage[i]->argp); @@ -299,7 +299,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, for (i = 0; i < mx; i++) { ptr = CRYPTO_get_ex_data(from, i); - if (storage[i] && storage[i]->dup_func) + if (storage[i] != NULL && storage[i]->dup_func != NULL) if (!storage[i]->dup_func(to, from, &ptr, i, storage[i]->argl, storage[i]->argp)) goto err; @@ -380,6 +380,8 @@ int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, return 1; ip = get_and_lock(class_index); + if (ip == NULL) + return 0; f = sk_EX_CALLBACK_value(ip->meth, idx); CRYPTO_THREAD_unlock(ex_data_lock); @@ -387,6 +389,9 @@ int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, * This should end up calling CRYPTO_set_ex_data(), which allocates * everything necessary to support placing the new data in the right spot. */ + if (f->new_func == NULL) + return 0; + f->new_func(obj, curval, ad, idx, f->argl, f->argp); return 1; From builds at travis-ci.org Sat Apr 6 09:49:31 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 06 Apr 2019 09:49:31 +0000 Subject: Still Failing: openssl/openssl#24594 (master - 23dc8fe) In-Reply-To: Message-ID: <5ca8762abc4af_43fb94625baf4964ba@6cd706bc-2cf4-45d6-9d2e-09419c3b798d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24594 Status: Still Failing Duration: 28 mins and 51 secs Commit: 23dc8fe (master) Author: FdaSilvaYY Message: Coverity: fix two minor NPD issues. Found by Coverity. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8274) View the changeset: https://github.com/openssl/openssl/compare/6ce84e64102c...23dc8feba817 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516524203?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sat Apr 6 09:36:42 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 06 Apr 2019 09:36:42 +0000 Subject: Still Failing: openssl/openssl#24593 (master - 6ce84e6) In-Reply-To: Message-ID: <5ca8732a6eccd_43fb26274ee0c173276@9b2314ee-68a8-4e3c-b2c7-91e93fa4c05c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24593 Status: Still Failing Duration: 20 mins and 4 secs Commit: 6ce84e6 (master) Author: Pauli Message: Fix big endian param API tests. Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8629) View the changeset: https://github.com/openssl/openssl/compare/8cf85d489978...6ce84e64102c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/516523932?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Apr 7 00:23:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 07 Apr 2019 00:23:55 +0000 Subject: Build failed: openssl master.23999 Message-ID: <20190407002355.1.757935D01A3AAE81@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Apr 7 01:01:37 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 07 Apr 2019 01:01:37 +0000 Subject: Build completed: openssl master.24000 Message-ID: <20190407010137.1.23291B57EC390AA0@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Apr 7 07:28:30 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Apr 2019 07:28:30 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5ca9a69e6cffa_3d542b0b31c28f5029371@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1rGS55PFyMCUZqGQw8vq-2Fyoei-2B60FG5vGXJB3CQcF7GEx20Z41NAhbrmVVw-2FRQD4Xek3sRdWh342AcA-2BaU76E185rMInOSgUrTXeiEZA8ChOCztK2s42p47TvjJRMMtBGzmb2w22Cjoqxi8Uwja8V0iBKs3dtoi-2BZ5W4L8BhqfAwpks-2FtquSxVGJuHEFi9sjc-3D Build ID: 251135 Analysis Summary: New defects found: 3 Defects eliminated: 2 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1rGS55PFyMCUZqGQw8vq-2Fyoei-2B60FG5vGXJB3CQcF7GJWK2UpgORrwp9DiNIadtskw10PzSrQWwTbtV4wkVxTdBPE9KYru6lhm-2FBS27G-2Bq674k6-2F0wMAqFKzeLFQb6j2Ab5t7-2Fi4-2Bl-2F-2BTztJ3wEbLb-2FK8iWxBoZgkqMi9WNNyFGmkuRyecYPdZfCUKcu-2FR5hk-3D From scan-admin at coverity.com Sun Apr 7 07:47:20 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Apr 2019 07:47:20 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5ca9ab07a5910_480a2b0b31c28f5029323@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2D8lDi5ZYORwrRk-2BcaSgKsXS4teXZ7nu6AocMBLyhIQ0QSRuY-2FFUWtdoD8iJgbfxJyP7EBEPguaqqZ9tMv-2F0HGVMgxqMAH1bkzmaNbAB46PiUBsb6gsfyCPn2r3Tn-2BXsCcRHie9m9KU-2BXySY4lxZ-2FtD-2FFtUsykD5UQ76Thfw6jNbjrgyTp9OSzOz-2F5oNY8-2BAc-3D Build ID: 251138 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Sun Apr 7 22:18:32 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 07 Apr 2019 22:18:32 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1554675512.511145.1925.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 23dc8feba8 Coverity: fix two minor NPD issues. Found by Coverity. 6ce84e6410 Fix big endian param API tests. 8cf85d4899 Fix the allocation size in EVP_OpenInit and PEM_SignFinal de3955f662 EVP configuration section: add 'default_properties' command cb92964563 EVP_set_default_properties(): New function to set global properties bc362b9b72 Convert the ENGINE_CONF trace calls to use CONF instead 0196ad63d3 Add a bit of tracing in the core conf module runner 71849dff56 Rename the PROVIDER_CONF trace to CONF e3af453bac OPENSSL_init_crypto(): check config return code correctly 0f5163bd1c Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE 3538b0f7ad Move the AES-XTS mode duplicated key check into the init_key function rather than the update call. The means an earlier error return at the cost of some duplicated code. 0be2cc5eb3 Complain if there are missing symbols when creating a provider .so file 1576dfe090 Test that we can use the FIPS provider e75455173b Add a no-fips Configure option 9efa0ae0b6 Create a FIPS provider and put SHA256 in it Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_unregister_globals' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:106: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:107: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:120: undefined reference to `__asan_report_store8' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:47: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:47: undefined reference to `__asan_stack_malloc_3' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:51: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:52: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:76: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:77: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:86: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:86: undefined reference to `__asan_report_store8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:87: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:88: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_set_shadow_f5' test/p_test-dso-p_test.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_register_globals' test/p_test-dso-p_test.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6942: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Mon Apr 8 00:21:02 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 00:21:02 +0000 Subject: [openssl] master update Message-ID: <1554682862.664632.10920.nullmailer@dev.openssl.org> The branch master has been updated via 61d7045bd234d82b689ad314bfe57bfc478358fb (commit) via aa447d6fdbc250cf0f8f361daf3b734f288bbad1 (commit) from 23dc8feba817560485da00d690d7b7b9e5b15682 (commit) - Log ----------------------------------------------------------------- commit 61d7045bd234d82b689ad314bfe57bfc478358fb Author: Patrick Steuer Date: Sun Apr 7 13:48:15 2019 +0200 fix --strict-warnings build ISO C90 forbids specifying subobject to initialize Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8693) commit aa447d6fdbc250cf0f8f361daf3b734f288bbad1 Author: Patrick Steuer Date: Sun Apr 7 13:30:26 2019 +0200 fix --strict-warnings build C++ style comments are not allowed in ISO C90 Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8693) ----------------------------------------------------------------------- Summary of changes: crypto/s390xcap.c | 612 ++++++++++++++++++++++---------------------- include/internal/refcount.h | 2 +- 2 files changed, 307 insertions(+), 307 deletions(-) diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 9772bd5..717849e 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -152,17 +152,17 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Facility detection would fail on real hw (no STFLE). */ static const struct OPENSSL_s390xcap_st z900 = { - .stfle = {0ULL, 0ULL, 0ULL, 0ULL}, - .kimd = {0ULL, 0ULL}, - .klmd = {0ULL, 0ULL}, - .km = {0ULL, 0ULL}, - .kmc = {0ULL, 0ULL}, - .kmac = {0ULL, 0ULL}, - .kmctr = {0ULL, 0ULL}, - .kmo = {0ULL, 0ULL}, - .kmf = {0ULL, 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{0ULL, 0ULL, 0ULL, 0ULL}, + /*.kimd = */{0ULL, 0ULL}, + /*.klmd = */{0ULL, 0ULL}, + /*.km = */{0ULL, 0ULL}, + /*.kmc = */{0ULL, 0ULL}, + /*.kmac = */{0ULL, 0ULL}, + /*.kmctr = */{0ULL, 0ULL}, + /*.kmo = */{0ULL, 0ULL}, + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -170,25 +170,25 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA. Facility detection would fail on real hw (no STFLE). */ static const struct OPENSSL_s390xcap_st z990 = { - .stfle = {S390X_CAPBIT(S390X_MSA), - 0ULL, 0ULL, 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY), - 0ULL}, - .kmctr = {0ULL, 0ULL}, - .kmo = {0ULL, 0ULL}, - .kmf = {0ULL, 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA), + 0ULL, 0ULL, 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1), + 0ULL}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kmctr = */{0ULL, 0ULL}, + /*.kmo = */{0ULL, 0ULL}, + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -196,30 +196,30 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1. */ static const struct OPENSSL_s390xcap_st z9 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY), - 0ULL}, - .kmctr = {0ULL, 0ULL}, - .kmo = {0ULL, 0ULL}, - .kmf = {0ULL, 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + 0ULL, 0ULL, 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256), + 0ULL}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kmctr = */{0ULL, 0ULL}, + /*.kmo = */{0ULL, 0ULL}, + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -227,36 +227,36 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1-2. */ static const struct OPENSSL_s390xcap_st z10 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY), - 0ULL}, - .kmctr = {0ULL, 0ULL}, - .kmo = {0ULL, 0ULL}, - .kmf = {0ULL, 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + 0ULL, 0ULL, 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + 0ULL}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY), + 0ULL}, + /*.kmctr = */{0ULL, 0ULL}, + /*.kmo = */{0ULL, 0ULL}, + /*.kmf = */{0ULL, 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -264,55 +264,55 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1-4. */ static const struct OPENSSL_s390xcap_st z196 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmctr = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmo = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmf = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + 0ULL, 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + S390X_CAPBIT(S390X_GHASH)}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -320,55 +320,55 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1-4. */ static const struct OPENSSL_s390xcap_st zEC12 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + 0ULL, 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), S390X_CAPBIT(S390X_GHASH)}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmctr = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmo = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmf = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .prno = {0ULL, 0ULL}, - .kma = {0ULL, 0ULL}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{0ULL, 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -376,59 +376,59 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1-5. */ static const struct OPENSSL_s390xcap_st z13 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX), - 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmctr = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmo = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmf = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .prno = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - 0ULL}, - .kma = {0ULL, 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + S390X_CAPBIT(S390X_GHASH)}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_512_DRNG), + 0ULL}, + /*.kma = */{0ULL, 0ULL}, }; /*- @@ -436,78 +436,78 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap) * Implements MSA and MSA1-8. */ static const struct OPENSSL_s390xcap_st z14 = { - .stfle = {S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE) - | S390X_CAPBIT(S390X_MSA8), - 0ULL}, - .kimd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - S390X_CAPBIT(S390X_GHASH)}, - .klmd = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - 0ULL}, - .km = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - .kmc = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmac = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmctr = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmo = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .kmf = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - .prno = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - S390X_CAPBIT(S390X_TRNG)}, - .kma = {S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) + | S390X_CAPBIT(S390X_MSA8), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + S390X_CAPBIT(S390X_GHASH)}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_512_DRNG), + S390X_CAPBIT(S390X_TRNG)}, + /*.kma = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, }; char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; diff --git a/include/internal/refcount.h b/include/internal/refcount.h index f74f794..eddf124 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -106,7 +106,7 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) # if _WIN32_WCE >= 0x600 extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); # else - // under Windows CE we still have old-style Interlocked* functions + /* under Windows CE we still have old-style Interlocked* functions */ extern long __cdecl InterlockedExchangeAdd(long volatile*, long); # define _InterlockedExchangeAdd InterlockedExchangeAdd # endif From pauli at openssl.org Mon Apr 8 00:22:13 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 00:22:13 +0000 Subject: [openssl] master update Message-ID: <1554682933.085497.13174.nullmailer@dev.openssl.org> The branch master has been updated via df09b6b5f9088db10ef13dd71999db9b282b8d1a (commit) from 61d7045bd234d82b689ad314bfe57bfc478358fb (commit) - Log ----------------------------------------------------------------- commit df09b6b5f9088db10ef13dd71999db9b282b8d1a Author: Shane Lontis Date: Sun Apr 7 11:45:36 2019 +1000 coverity resource leak fixes in apps/pkeyutl Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8691) ----------------------------------------------------------------------- Summary of changes: apps/pkeyutl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 7f1e621..c8cac0d 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -688,7 +688,7 @@ static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx, if (filesize < 0) { BIO_printf(bio_err, "Error: unable to determine file size for oneshot operation\n"); - return rv; + goto end; } mbuf = app_malloc(filesize, "oneshot sign/verify buffer"); switch(pkey_op) { @@ -717,7 +717,6 @@ static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx, } break; } - OPENSSL_free(mbuf); goto end; } @@ -767,6 +766,7 @@ static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx, } end: + OPENSSL_free(mbuf); EVP_MD_CTX_free(mctx); return rv; } From builds at travis-ci.org Mon Apr 8 00:54:54 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 00:54:54 +0000 Subject: Still Failing: openssl/openssl#24604 (master - df09b6b) In-Reply-To: Message-ID: <5caa9bde88aba_43fb8eca4fcc413777f@d3dc1a91-a996-4bc8-a008-16d099ec2eb9.mail> Build Update for openssl/openssl ------------------------------------- Build: #24604 Status: Still Failing Duration: 29 mins and 9 secs Commit: df09b6b (master) Author: Shane Lontis Message: coverity resource leak fixes in apps/pkeyutl Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8691) View the changeset: https://github.com/openssl/openssl/compare/61d7045bd234...df09b6b5f908 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517026489?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Apr 8 00:41:53 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 00:41:53 +0000 Subject: Still Failing: openssl/openssl#24603 (master - 61d7045) In-Reply-To: Message-ID: <5caa98d136e6f_43fac3c816dd412832c@73c75bc3-3a61-4c2f-a81e-648a937f9c79.mail> Build Update for openssl/openssl ------------------------------------- Build: #24603 Status: Still Failing Duration: 20 mins and 10 secs Commit: 61d7045 (master) Author: Patrick Steuer Message: fix --strict-warnings build ISO C90 forbids specifying subobject to initialize Signed-off-by: Patrick Steuer Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8693) View the changeset: https://github.com/openssl/openssl/compare/23dc8feba817...61d7045bd234 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517026174?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Apr 8 01:03:40 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 01:03:40 +0000 Subject: [openssl] master update Message-ID: <1554685420.907585.31948.nullmailer@dev.openssl.org> The branch master has been updated via f997e456b9bd43af275aab90c727a52287467e98 (commit) from df09b6b5f9088db10ef13dd71999db9b282b8d1a (commit) - Log ----------------------------------------------------------------- commit f997e456b9bd43af275aab90c727a52287467e98 Author: Dan Campbell Date: Thu Apr 4 15:15:33 2019 -0600 s_client starttls: fix handling of multiline reply Fixes #8645 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8654) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index bb4f0aa..282d137 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2277,7 +2277,7 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } - while (mbuf_len > 3 && mbuf[3] == '-'); + while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); From pauli at openssl.org Mon Apr 8 01:04:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 01:04:23 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554685463.173726.1111.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via d7af859880c14fff9d46a028366ab473977d1f36 (commit) from 8851d3728725885d06db2ff4ef5e5ea3a080deef (commit) - Log ----------------------------------------------------------------- commit d7af859880c14fff9d46a028366ab473977d1f36 Author: Dan Campbell Date: Thu Apr 4 15:15:33 2019 -0600 s_client starttls: fix handling of multiline reply Fixes #8645 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8654) (cherry picked from commit f997e456b9bd43af275aab90c727a52287467e98) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index 4dd6e2f..b85339a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2253,7 +2253,7 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } - while (mbuf_len > 3 && mbuf[3] == '-'); + while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); From builds at travis-ci.org Mon Apr 8 01:24:38 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 01:24:38 +0000 Subject: Still Failing: openssl/openssl#24605 (master - f997e45) In-Reply-To: Message-ID: <5caaa2d5d8348_43fb74da3e744923ba@d2df37dc-f30a-4d6d-94e7-9a5606c01030.mail> Build Update for openssl/openssl ------------------------------------- Build: #24605 Status: Still Failing Duration: 20 mins and 24 secs Commit: f997e45 (master) Author: Dan Campbell Message: s_client starttls: fix handling of multiline reply Fixes #8645 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8654) View the changeset: https://github.com/openssl/openssl/compare/df09b6b5f908...f997e456b9bd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517033630?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Apr 8 01:34:53 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 01:34:53 +0000 Subject: Still Failing: openssl/openssl#24606 (OpenSSL_1_1_1-stable - d7af859) In-Reply-To: Message-ID: <5caaa53cb47d5_43fdcc2642164111520@ba2e65d5-0a8f-4499-b33b-22f0a97d46b2.mail> Build Update for openssl/openssl ------------------------------------- Build: #24606 Status: Still Failing Duration: 26 mins and 6 secs Commit: d7af859 (OpenSSL_1_1_1-stable) Author: Dan Campbell Message: s_client starttls: fix handling of multiline reply Fixes #8645 Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8654) (cherry picked from commit f997e456b9bd43af275aab90c727a52287467e98) View the changeset: https://github.com/openssl/openssl/compare/8851d3728725...d7af859880c1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517033792?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 8 05:13:12 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Apr 2019 05:13:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554700392.712032.25468.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 23dc8feba8 Coverity: fix two minor NPD issues. Found by Coverity. 6ce84e6410 Fix big endian param API tests. 8cf85d4899 Fix the allocation size in EVP_OpenInit and PEM_SignFinal de3955f662 EVP configuration section: add 'default_properties' command cb92964563 EVP_set_default_properties(): New function to set global properties bc362b9b72 Convert the ENGINE_CONF trace calls to use CONF instead 0196ad63d3 Add a bit of tracing in the core conf module runner 71849dff56 Rename the PROVIDER_CONF trace to CONF e3af453bac OPENSSL_init_crypto(): check config return code correctly 0f5163bd1c Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE 3538b0f7ad Move the AES-XTS mode duplicated key check into the init_key function rather than the update call. The means an earlier error return at the cost of some duplicated code. 0be2cc5eb3 Complain if there are missing symbols when creating a provider .so file 1576dfe090 Test that we can use the FIPS provider e75455173b Add a no-fips Configure option 9efa0ae0b6 Create a FIPS provider and put SHA256 in it Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Mon Apr 8 05:37:03 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 05:37:03 +0000 Subject: [openssl] master update Message-ID: <1554701823.216406.9643.nullmailer@dev.openssl.org> The branch master has been updated via e9cfa192019574a75fbeca4811c10635a9049381 (commit) from f997e456b9bd43af275aab90c727a52287467e98 (commit) - Log ----------------------------------------------------------------- commit e9cfa192019574a75fbeca4811c10635a9049381 Author: Pauli Date: Mon Apr 8 14:28:59 2019 +1000 Avoid alignment problems in params API. Using a byte buffer causes problems for device that don't handle unaligned reads. Instead use the properly aligned variable that was already pointed at. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8696) ----------------------------------------------------------------------- Summary of changes: test/params_api_test.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/test/params_api_test.c b/test/params_api_test.c index 94487d6..c78a42b 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -146,7 +146,6 @@ static int test_param_int(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_int(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -174,7 +173,6 @@ static int test_param_long(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_long(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -201,7 +199,6 @@ static int test_param_uint(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -229,7 +226,6 @@ static int test_param_ulong(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_ulong(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -257,7 +253,6 @@ static int test_param_int32(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_int32(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -285,7 +280,6 @@ static int test_param_uint32(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint32(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -313,7 +307,6 @@ static int test_param_int64(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_int64(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -341,7 +334,6 @@ static int test_param_uint64(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_uint64(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); @@ -369,7 +361,6 @@ static int test_param_size_t(int n) if (!TEST_mem_eq(cmp, len, raw_values[n].value, len)) return 0; in = 0; - param.data = buf; if (!TEST_true(OSSL_PARAM_get_size_t(¶m, &in))) return 0; le_copy(cmp, &in, sizeof(in)); From builds at travis-ci.org Mon Apr 8 06:03:11 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 06:03:11 +0000 Subject: Still Failing: openssl/openssl#24613 (master - e9cfa19) In-Reply-To: Message-ID: <5caae41f9142f_43fa69aeb1718513b6@384f0a7a-05c7-41a4-9a5b-f18a415732cb.mail> Build Update for openssl/openssl ------------------------------------- Build: #24613 Status: Still Failing Duration: 23 mins and 32 secs Commit: e9cfa19 (master) Author: Pauli Message: Avoid alignment problems in params API. Using a byte buffer causes problems for device that don't handle unaligned reads. Instead use the properly aligned variable that was already pointed at. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8696) View the changeset: https://github.com/openssl/openssl/compare/f997e456b9bd...e9cfa1920195 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517090518?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 8 09:55:52 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Apr 2019 09:55:52 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1554717352.630999.13550.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 23dc8feba8 Coverity: fix two minor NPD issues. Found by Coverity. 6ce84e6410 Fix big endian param API tests. 8cf85d4899 Fix the allocation size in EVP_OpenInit and PEM_SignFinal de3955f662 EVP configuration section: add 'default_properties' command cb92964563 EVP_set_default_properties(): New function to set global properties bc362b9b72 Convert the ENGINE_CONF trace calls to use CONF instead 0196ad63d3 Add a bit of tracing in the core conf module runner 71849dff56 Rename the PROVIDER_CONF trace to CONF e3af453bac OPENSSL_init_crypto(): check config return code correctly 0f5163bd1c Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE 3538b0f7ad Move the AES-XTS mode duplicated key check into the init_key function rather than the update call. The means an earlier error return at the cost of some duplicated code. 0be2cc5eb3 Complain if there are missing symbols when creating a provider .so file 1576dfe090 Test that we can use the FIPS provider e75455173b Add a no-fips Configure option 9efa0ae0b6 Create a FIPS provider and put SHA256 in it Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12830: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Apr 8 16:59:47 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Apr 2019 16:59:47 +0000 Subject: Build failed: openssl master.24022 Message-ID: <20190408165947.1.202143934598BCAD@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 8 17:32:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Apr 2019 17:32:23 +0000 Subject: Build failed: openssl master.24023 Message-ID: <20190408173223.1.FB9774A23DA5798B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 8 19:04:35 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Apr 2019 19:04:35 +0000 Subject: Build completed: openssl master.24024 Message-ID: <20190408190435.1.C90EFA187A47D46B@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 8 22:18:36 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Apr 2019 22:18:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1554761916.087934.2369.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: e9cfa19201 Avoid alignment problems in params API. f997e456b9 s_client starttls: fix handling of multiline reply df09b6b5f9 coverity resource leak fixes in apps/pkeyutl 61d7045bd2 fix --strict-warnings build aa447d6fdb fix --strict-warnings build Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:204: undefined reference to `__asan_memset' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_unregister_globals' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Mon Apr 8 23:03:36 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 08 Apr 2019 23:03:36 +0000 Subject: [openssl] master update Message-ID: <1554764616.586392.30161.nullmailer@dev.openssl.org> The branch master has been updated via 97cc9c9b01217f41438472db98fc41ab96fc466b (commit) from e9cfa192019574a75fbeca4811c10635a9049381 (commit) - Log ----------------------------------------------------------------- commit 97cc9c9b01217f41438472db98fc41ab96fc466b Author: Shane Lontis Date: Sun Apr 7 18:59:07 2019 +1000 Coverity: hkdf ENV_MD_size() is an int that can be negative Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8692) ----------------------------------------------------------------------- Summary of changes: crypto/kdf/hkdf.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index bfccf16..c8b3f03 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -182,6 +182,8 @@ static int kdf_hkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl) { + int sz; + if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) return SIZE_MAX; @@ -189,7 +191,11 @@ static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl) KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); return 0; } - return EVP_MD_size(impl->md); + sz = EVP_MD_size(impl->md); + if (sz < 0) + return 0; + + return sz; } static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, @@ -241,8 +247,13 @@ static int HKDF(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { unsigned char prk[EVP_MAX_MD_SIZE]; - int ret; - size_t prk_len = EVP_MD_size(evp_md); + int ret, sz; + size_t prk_len; + + sz = EVP_MD_size(evp_md); + if (sz < 0) + return 0; + prk_len = (size_t)sz; if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, prk_len)) return 0; @@ -258,7 +269,11 @@ static int HKDF_Extract(const EVP_MD *evp_md, const unsigned char *key, size_t key_len, unsigned char *prk, size_t prk_len) { - if (prk_len != (size_t)EVP_MD_size(evp_md)) { + int sz = EVP_MD_size(evp_md); + + if (sz < 0) + return 0; + if (prk_len != (size_t)sz) { KDFerr(KDF_F_HKDF_EXTRACT, KDF_R_WRONG_OUTPUT_BUFFER_SIZE); return 0; } @@ -271,11 +286,16 @@ static int HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; - int ret = 0; + int ret = 0, sz; unsigned int i; unsigned char prev[EVP_MAX_MD_SIZE]; - size_t done_len = 0, dig_len = EVP_MD_size(evp_md); - size_t n = okm_len / dig_len; + size_t done_len = 0, dig_len, n; + + sz = EVP_MD_size(evp_md); + if (sz <= 0) + return 0; + dig_len = (size_t)sz; + n = okm_len / dig_len; if (okm_len % dig_len) n++; From builds at travis-ci.org Mon Apr 8 23:26:55 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 08 Apr 2019 23:26:55 +0000 Subject: Still Failing: openssl/openssl#24621 (master - 97cc9c9) In-Reply-To: Message-ID: <5cabd8bf4d69d_43fa61f07605c92739@65a2b609-44b9-476a-b6fd-94d2a71fe28e.mail> Build Update for openssl/openssl ------------------------------------- Build: #24621 Status: Still Failing Duration: 22 mins and 41 secs Commit: 97cc9c9 (master) Author: Shane Lontis Message: Coverity: hkdf ENV_MD_size() is an int that can be negative Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8692) View the changeset: https://github.com/openssl/openssl/compare/e9cfa1920195...97cc9c9b0121 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517530455?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Tue Apr 9 01:26:56 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 09 Apr 2019 01:26:56 +0000 Subject: [openssl] master update Message-ID: <1554773216.386692.6158.nullmailer@dev.openssl.org> The branch master has been updated via bb315ca716656b7aff89f86d35988062952ccb21 (commit) from 97cc9c9b01217f41438472db98fc41ab96fc466b (commit) - Log ----------------------------------------------------------------- commit bb315ca716656b7aff89f86d35988062952ccb21 Author: Shane Lontis Date: Fri Mar 22 14:10:31 2019 +1000 EC keygen updates + changed ecdsa_sign to use BN_secure_new Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8557) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_key.c | 61 +++++++++++++++++++++++++++++++++++++------------- crypto/ec/ecdsa_ossl.c | 2 +- 2 files changed, 47 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 637ba14..416c0e0 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -195,59 +195,90 @@ int ossl_ec_key_gen(EC_KEY *eckey) return eckey->group->meth->keygen(eckey); } +/* + * ECC Key generation. + * See SP800-56AR3 5.6.1.2.2 "Key Pair Generation by Testing Candidates" + * + * Params: + * eckey An EC key object that contains domain params. The generated keypair + * is stored in this object. + * Returns 1 if the keypair was generated or 0 otherwise. + */ int ec_key_simple_generate_key(EC_KEY *eckey) { int ok = 0; - BN_CTX *ctx = NULL; BIGNUM *priv_key = NULL; const BIGNUM *order = NULL; EC_POINT *pub_key = NULL; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; + const EC_GROUP *group = eckey->group; if (eckey->priv_key == NULL) { - priv_key = BN_new(); + priv_key = BN_secure_new(); if (priv_key == NULL) goto err; } else priv_key = eckey->priv_key; - order = EC_GROUP_get0_order(eckey->group); + /* + * Steps (1-2): Check domain parameters and security strength. + * These steps must be done by the user. This would need to be + * stated in the security policy. + */ + + order = EC_GROUP_get0_order(group); if (order == NULL) goto err; + /* + * Steps (3-7): priv_key = DRBG_RAND(order_n_bits) (range [1, n-1]). + * Although this is slightly different from the standard, it is effectively + * equivalent as it gives an unbiased result ranging from 1..n-1. It is also + * faster as the standard needs to retry more often. Also doing + * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into + * rand so the simpler backward compatible method has been used here. + */ do if (!BN_priv_rand_range(priv_key, order)) goto err; while (BN_is_zero(priv_key)) ; if (eckey->pub_key == NULL) { - pub_key = EC_POINT_new(eckey->group); + pub_key = EC_POINT_new(group); if (pub_key == NULL) goto err; } else pub_key = eckey->pub_key; - if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) + /* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */ + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) goto err; eckey->priv_key = priv_key; eckey->pub_key = pub_key; + priv_key = NULL; + pub_key = NULL; ok = 1; - err: - if (eckey->pub_key == NULL) - EC_POINT_free(pub_key); - if (eckey->priv_key != priv_key) - BN_free(priv_key); - BN_CTX_free(ctx); +err: + /* Step (9): If there is an error return an invalid keypair. */ + if (!ok) { + BN_clear(eckey->priv_key); + if (eckey->pub_key != NULL) + EC_POINT_set_to_infinity(group, eckey->pub_key); + } + + EC_POINT_free(pub_key); + BN_clear_free(priv_key); return ok; } int ec_key_simple_generate_public_key(EC_KEY *eckey) { + /* + * See SP800-56AR3 5.6.1.2.2: Step (8) + * pub_key = priv_key * G (where G is a point on the curve) + */ return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, NULL, NULL); } diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index a790e0a..a488d5c 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -59,7 +59,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } } - k = BN_new(); /* this value is later returned in *kinvp */ + k = BN_secure_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */ X = BN_new(); if (k == NULL || r == NULL || X == NULL) { From builds at travis-ci.org Tue Apr 9 01:45:49 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 01:45:49 +0000 Subject: Still Failing: openssl/openssl#24622 (master - bb315ca) In-Reply-To: Message-ID: <5cabf94d52be2_43ffae0f0f13469847@a583be85-3466-47b6-b669-570b14aebbec.mail> Build Update for openssl/openssl ------------------------------------- Build: #24622 Status: Still Failing Duration: 18 mins and 16 secs Commit: bb315ca (master) Author: Shane Lontis Message: EC keygen updates + changed ecdsa_sign to use BN_secure_new Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8557) View the changeset: https://github.com/openssl/openssl/compare/97cc9c9b0121...bb315ca71665 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517566563?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 9 02:41:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Apr 2019 02:41:58 +0000 Subject: Build failed: openssl master.24028 Message-ID: <20190409024158.1.BDF77D731E9460E6@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 9 05:15:59 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Apr 2019 05:15:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554786959.711255.10060.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: e9cfa19201 Avoid alignment problems in params API. f997e456b9 s_client starttls: fix handling of multiline reply df09b6b5f9 coverity resource leak fixes in apps/pkeyutl 61d7045bd2 fix --strict-warnings build aa447d6fdb fix --strict-warnings build Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Tue Apr 9 06:58:52 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 09 Apr 2019 06:58:52 +0000 Subject: Build completed: openssl master.24029 Message-ID: <20190409065852.1.9D5596D87AD7AEA4@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 9 09:18:35 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 09 Apr 2019 09:18:35 +0000 Subject: [openssl] master update Message-ID: <1554801515.790644.9570.nullmailer@dev.openssl.org> The branch master has been updated via 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit) from bb315ca716656b7aff89f86d35988062952ccb21 (commit) - Log ----------------------------------------------------------------- commit 195852fefc1ef090977ed3cc3334f1dfbd6bac34 Author: Richard Levitte Date: Tue Apr 9 09:49:58 2019 +0200 Params: add OSSL_PARAM_construct_end() OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8704) ----------------------------------------------------------------------- Summary of changes: crypto/params.c | 7 +++++++ doc/man3/OSSL_PARAM_TYPE.pod | 7 ++++++- include/openssl/params.h | 1 + test/params_api_test.c | 3 +-- test/params_test.c | 3 +-- util/libcrypto.num | 1 + 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 465bb32..8b75e04 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -590,3 +590,10 @@ OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, { return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize); } + +OSSL_PARAM OSSL_PARAM_construct_end(void) +{ + OSSL_PARAM end = OSSL_PARAM_END; + + return end; +} diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod index 2842eae..dd887f3 100644 --- a/doc/man3/OSSL_PARAM_TYPE.pod +++ b/doc/man3/OSSL_PARAM_TYPE.pod @@ -10,7 +10,8 @@ OSSL_PARAM_SIZED_octet_ptr, OSSL_PARAM_END, OSSL_PARAM_construct_TYPE, OSSL_PARAM_END, OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, -OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_locate, OSSL_PARAM_get_TYPE, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_get_TYPE, OSSL_PARAM_set_TYPE, OSSL_PARAM_get_BN, OSSL_PARAM_set_BN, OSSL_PARAM_get_utf8_string, OSSL_PARAM_set_utf8_string, OSSL_PARAM_get_octet_string, OSSL_PARAM_set_octet_string, @@ -46,6 +47,7 @@ OSSL_PARAM_set_octet_ptr size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, size_t *rsize); + OSSL_PARAM OSSL_PARAM_construct_end(void); OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); @@ -179,6 +181,9 @@ pointer OSSL_PARAM structure. A parameter with name B, storage pointer B<*buf> and return size B is created. +OSSL_PARAM_construct_end() is a function that constructs the terminating +OSSL_PARAM structure. + OSSL_PARAM_locate() is a function that searches an B of parameters for the one matching the B name. diff --git a/include/openssl/params.h b/include/openssl/params.h index 10ed28d..cf9ffa8 100644 --- a/include/openssl/params.h +++ b/include/openssl/params.h @@ -137,6 +137,7 @@ OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, size_t *rsize); +OSSL_PARAM OSSL_PARAM_construct_end(void); int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val); int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val); diff --git a/test/params_api_test.c b/test/params_api_test.c index c78a42b..a3d2337 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -448,7 +448,6 @@ static int test_param_construct(void) void *vp, *vpn = NULL, *vp2; OSSL_PARAM *p; const OSSL_PARAM *cp; - static const OSSL_PARAM pend = OSSL_PARAM_END; int i, n = 0, ret = 0; unsigned int u; long int l; @@ -478,7 +477,7 @@ static int test_param_construct(void) &sz); params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", &bufp, &sz); params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, &sz); - params[n] = pend; + params[n] = OSSL_PARAM_construct_end(); /* Search failure */ if (!TEST_ptr_null(OSSL_PARAM_locate(params, "fnord"))) diff --git a/test/params_test.c b/test/params_test.c index 338e6b2..8d456bb 100644 --- a/test/params_test.c +++ b/test/params_test.c @@ -391,7 +391,6 @@ static OSSL_PARAM *construct_api_params(void) { size_t n = 0; static OSSL_PARAM params[10]; - OSSL_PARAM param_end = OSSL_PARAM_END; params[n++] = OSSL_PARAM_construct_int("p1", &app_p1, NULL); params[n++] = OSSL_PARAM_construct_BN("p3", bignumbin, sizeof(bignumbin), @@ -404,7 +403,7 @@ static OSSL_PARAM *construct_api_params(void) &app_p6_l); params[n++] = OSSL_PARAM_construct_octet_string("foo", &foo, sizeof(foo), &foo_l); - params[n++] = param_end; + params[n++] = OSSL_PARAM_construct_end(); return params; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 6388973..d275e57 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4794,3 +4794,4 @@ EVP_PKEY_get0_engine 4741 3_0_0 EXIST::FUNCTION:ENGINE EVP_MD_upref 4742 3_0_0 EXIST::FUNCTION: EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION: EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Tue Apr 9 09:20:15 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 09 Apr 2019 09:20:15 +0000 Subject: [openssl] master update Message-ID: <1554801615.675200.32628.nullmailer@dev.openssl.org> The branch master has been updated via 68ca1737ce58173001f2146b913388f872842f69 (commit) from 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit) - Log ----------------------------------------------------------------- commit 68ca1737ce58173001f2146b913388f872842f69 Author: Richard Levitte Date: Fri Apr 5 15:38:09 2019 +0200 Configurations/10-main.conf: Don't inherit assembler in Cygwin-common The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8685) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 0e3afd3..27e587f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1431,7 +1431,7 @@ my %targets = ( #### Cygwin "Cygwin-common" => { - inherit_from => [ "BASE_unix", asm("x86_asm") ], + inherit_from => [ "BASE_unix" ], template => 1, CC => "gcc", From matt at openssl.org Tue Apr 9 09:25:11 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 09 Apr 2019 09:25:11 +0000 Subject: [openssl] master update Message-ID: <1554801911.323097.8042.nullmailer@dev.openssl.org> The branch master has been updated via d030892312a2e7076511205e7fe1a5eae98e5102 (commit) via dc46e3dde58c781b5f29942d787a2c8765ba5514 (commit) from 68ca1737ce58173001f2146b913388f872842f69 (commit) - Log ----------------------------------------------------------------- commit d030892312a2e7076511205e7fe1a5eae98e5102 Author: Matt Caswell Date: Fri Apr 5 10:47:05 2019 +0100 Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) commit dc46e3dde58c781b5f29942d787a2c8765ba5514 Author: Matt Caswell Date: Wed Mar 20 17:51:29 2019 +0000 Use the right NID when putting a method in the store When we attempt to fetch a method with a given NID we will ask the providers for it if we don't already know about it. During that process we may be told about other methods with a different NID. We need to make sure we don't confuse the two. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) ----------------------------------------------------------------------- Summary of changes: Configure | 6 ++- INSTALL | 4 ++ crypto/core_fetch.c | 5 +- crypto/evp/digest.c | 10 +++- crypto/evp/evp_fetch.c | 27 ++++++---- crypto/evp/evp_locl.h | 3 +- crypto/property/property_parse.c | 1 + doc/internal/man3/evp_generic_fetch.pod | 7 ++- doc/internal/man3/ossl_method_construct.pod | 7 +-- include/internal/core.h | 4 +- providers/build.info | 11 ++++ providers/legacy/build.info | 4 ++ providers/legacy/digests/build.info | 4 ++ providers/legacy/digests/md2.c | 63 ++++++++++++++++++++++ providers/{fips/fipsprov.c => legacy/legacyprov.c} | 36 +++++++------ test/md2test.c | 14 +++++ test/recipes/05-test_md2.t | 5 ++ 17 files changed, 173 insertions(+), 38 deletions(-) create mode 100644 providers/legacy/build.info create mode 100644 providers/legacy/digests/build.info create mode 100644 providers/legacy/digests/md2.c copy providers/{fips/fipsprov.c => legacy/legacyprov.c} (68%) diff --git a/Configure b/Configure index 6702bc6..3b7ca36 100755 --- a/Configure +++ b/Configure @@ -374,6 +374,7 @@ my @disablables = ( "fuzz-afl", "gost", "idea", + "legacy", "makedepend", "md2", "md4", @@ -513,7 +514,7 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], - "module" => [ "fips" ], + "module" => [ "fips", "legacy" ], "engine" => [ grep /eng$/, @disablables ], "hw" => [ "padlockeng" ], @@ -532,6 +533,7 @@ my @disable_cascades = ( sub { !$disabled{"msan"} } => [ "asm" ], sub { $disabled{cmac}; } => [ "siv" ], + "legacy" => [ "md2" ], ); # Avoid protocol support holes. Also disable all versions below N, if version @@ -1226,7 +1228,7 @@ foreach my $what (sort keys %disabled) { if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', 'module', 'pic', 'dynamic-engine', 'makedepend', - 'zlib-dynamic', 'zlib', 'sse2' )) { + 'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) { (my $WHAT = uc $what) =~ s|-|_|g; my $skipdir = $what; diff --git a/INSTALL b/INSTALL index c496e79..50722a1 100644 --- a/INSTALL +++ b/INSTALL @@ -409,6 +409,10 @@ available if the GOST algorithms are also available through loading an externally supplied engine. + no-legacy + Don't build the legacy provider. Disabling this also disables + the legacy algorithms: MD2 (already disabled by default). + no-makedepend Don't generate dependencies. diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d38e132..2c4b0d7 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -35,8 +35,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) const OSSL_ALGORITHM *thismap = map++; void *method = NULL; - if ((method = data->mcm->construct(thismap->implementation, provider, - data->mcm_data)) == NULL) + if ((method = data->mcm->construct(thismap->algorithm_name, + thismap->implementation, provider, + data->mcm_data)) == NULL) continue; /* diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index b93a014..527c5d6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -145,6 +145,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->prov == NULL) { switch(type->type) { case NID_sha256: + case NID_md2: break; default: goto legacy; @@ -585,10 +586,17 @@ static void evp_md_free(void *md) EVP_MD_meth_free(md); } +static int evp_md_nid(void *vmd) +{ + EVP_MD *md = vmd; + + return md->type; +} + EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, evp_md_from_dispatch, evp_md_upref, - evp_md_free); + evp_md_free, evp_md_nid); } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 329129d..012383f 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -62,6 +62,7 @@ struct method_data_st { OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); + int (*nid_method)(void *method); }; /* @@ -106,29 +107,35 @@ static void *get_method_from_store(OPENSSL_CTX *libctx, void *store, } static int put_method_in_store(OPENSSL_CTX *libctx, void *store, - const char *propdef, void *method, - void *data) + const char *propdef, + void *method, void *data) { struct method_data_st *methdata = data; + int nid = methdata->nid_method(method); + + if (nid == NID_undef) + return 0; if (store == NULL && (store = get_default_method_store(libctx)) == NULL) return 0; if (methdata->refcnt_up_method(method) - && ossl_method_store_add(store, methdata->nid, propdef, method, + && ossl_method_store_add(store, nid, propdef, method, methdata->destruct_method)) return 1; return 0; } -static void *construct_method(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, +static void *construct_method(const char *algorithm_name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *data) { struct method_data_st *methdata = data; void *method = NULL; + int nid = OBJ_sn2nid(algorithm_name); - if (methdata->nid == NID_undef) { + if (nid == NID_undef) { /* Create a new NID for that name on the fly */ ASN1_OBJECT tmpobj; @@ -139,13 +146,13 @@ static void *construct_method(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, tmpobj.length = 0; tmpobj.data = NULL; - methdata->nid = OBJ_add_object(&tmpobj); + nid = OBJ_add_object(&tmpobj); } - if (methdata->nid == NID_undef) + if (nid == NID_undef) return NULL; - method = methdata->method_from_dispatch(methdata->nid, fns, prov); + method = methdata->method_from_dispatch(nid, fns, prov); if (method == NULL) return NULL; return method; @@ -163,7 +170,8 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)) + void (*free_method)(void *), + int (*nid_method)(void *)) { int nid = OBJ_sn2nid(algorithm); void *method = NULL; @@ -186,6 +194,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = upref_method; mcmdata.destruct_method = free_method; + mcmdata.nid_method = nid_method; method = ossl_method_construct(libctx, operation_id, algorithm, properties, 0 /* !force_cache */, &mcm, &mcmdata); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 2453eff..efa2db8 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -90,4 +90,5 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)); + void (*free_method)(void *), + int (*nid_method)(void *)); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 074da51..faaaee8 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -523,6 +523,7 @@ int ossl_property_parse_init(void) { static const char *const predefined_names[] = { "default", /* Being provided by the default built-in provider */ + "legacy", /* Provided by the legacy provider */ "provider", /* Name of provider (default, fips) */ "version", /* Version number of this provider */ "fips", /* FIPS supporting provider */ diff --git a/doc/internal/man3/evp_generic_fetch.pod b/doc/internal/man3/evp_generic_fetch.pod index b871cd1..881aaf9 100644 --- a/doc/internal/man3/evp_generic_fetch.pod +++ b/doc/internal/man3/evp_generic_fetch.pod @@ -14,7 +14,8 @@ evp_generic_fetch - generic algorithm fetcher and method creator for EVP void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)); + void (*free_method)(void *), + int (*nid_method)(void *)); =head1 DESCRIPTION @@ -41,6 +42,10 @@ one. frees the given method. +=item nid_method() + +returns the nid associated with the given method. + =back =head1 RETURN VALUES diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index 3664635..7b682dd 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod @@ -21,8 +21,8 @@ OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef, void *method, void *data); /* Construct a new method */ - void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, - void *data); + void *(*construct)(const char *algorithm_name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, void *data); /* Destruct a method */ void (*destruct)(void *method); }; @@ -107,7 +107,8 @@ This function is expected to increment the C's reference count. =item construct() -Constructs a sub-system method given a dispatch table C. +Constructs a sub-system method for the given C and the given +dispatch table C. The associated I C is passed as well, to make it possible for the sub-system constructor to keep a reference, which diff --git a/include/internal/core.h b/include/internal/core.h index b395025..06a0775 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -38,8 +38,8 @@ typedef struct ossl_method_construct_method_st { int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef, void *method, void *data); /* Construct a new method */ - void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, - void *data); + void *(*construct)(const char *algorithm_name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, void *data); /* Destruct a method */ void (*destruct)(void *method, void *data); } OSSL_METHOD_CONSTRUCT_METHOD; diff --git a/providers/build.info b/providers/build.info index b2b5384..1628e1f 100644 --- a/providers/build.info +++ b/providers/build.info @@ -10,3 +10,14 @@ IF[{- !$disabled{fips} -}] INCLUDE[fips]=.. ../include ../crypto/include DEFINE[fips]=FIPS_MODE ENDIF + +IF[{- !$disabled{legacy} -}] + SUBDIRS=legacy + MODULES=legacy + IF[{- defined $target{shared_defflag} -}] + SOURCE[legacy]=legacy.ld + GENERATE[legacy.ld]=../util/providers.num + ENDIF + INCLUDE[legacy]=.. ../include ../crypto/include + DEPEND[legacy]=../libcrypto +ENDIF diff --git a/providers/legacy/build.info b/providers/legacy/build.info new file mode 100644 index 0000000..df7e9ac --- /dev/null +++ b/providers/legacy/build.info @@ -0,0 +1,4 @@ +SUBDIRS=digests + +SOURCE[../legacy]=\ + legacyprov.c diff --git a/providers/legacy/digests/build.info b/providers/legacy/digests/build.info new file mode 100644 index 0000000..c4e1278 --- /dev/null +++ b/providers/legacy/digests/build.info @@ -0,0 +1,4 @@ +IF[{- !$disabled{md2} -}] + SOURCE[../../legacy]=\ + md2.c +ENDIF diff --git a/providers/legacy/digests/md2.c b/providers/legacy/digests/md2.c new file mode 100644 index 0000000..c941dd7 --- /dev/null +++ b/providers/legacy/digests/md2.c @@ -0,0 +1,63 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +static int md2_final(void *ctx, unsigned char *md, size_t *size) +{ + if (MD2_Final(md, ctx)) { + *size = MD2_DIGEST_LENGTH; + return 1; + } + + return 0; +} + +static void *md2_newctx(void) +{ + MD2_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + return ctx; +} + +static void md2_freectx(void *vctx) +{ + MD2_CTX *ctx = (MD2_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *md2_dupctx(void *ctx) +{ + MD2_CTX *in = (MD2_CTX *)ctx; + MD2_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + *ret = *in; + + return ret; +} + +static size_t md2_size(void) +{ + return MD2_DIGEST_LENGTH; +} + +extern const OSSL_DISPATCH md2_functions[]; +const OSSL_DISPATCH md2_functions[] = { + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx }, + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init }, + { OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))MD2_Update }, + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final }, + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx }, + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx }, + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))md2_size }, + { 0, NULL } +}; diff --git a/providers/fips/fipsprov.c b/providers/legacy/legacyprov.c similarity index 68% copy from providers/fips/fipsprov.c copy to providers/legacy/legacyprov.c index d3671b5..48e8933 100644 --- a/providers/fips/fipsprov.c +++ b/providers/legacy/legacyprov.c @@ -19,25 +19,25 @@ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ -static const OSSL_ITEM fips_param_types[] = { +static const OSSL_ITEM legacy_param_types[] = { { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, { 0, NULL } }; -static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_ITEM *legacy_get_param_types(const OSSL_PROVIDER *prov) { - return fips_param_types; + return legacy_param_types; } -static int fips_get_params(const OSSL_PROVIDER *prov, +static int legacy_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[]) { const OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Legacy Provider")) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) @@ -49,30 +49,32 @@ static int fips_get_params(const OSSL_PROVIDER *prov, return 1; } -extern const OSSL_DISPATCH sha256_functions[]; +extern const OSSL_DISPATCH md2_functions[]; -static const OSSL_ALGORITHM fips_digests[] = { - { "SHA256", "fips=yes", sha256_functions }, +static const OSSL_ALGORITHM legacy_digests[] = { +#ifndef OPENSSL_NO_MD2 + { "MD2", "legacy=yes", md2_functions }, +#endif { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) +static const OSSL_ALGORITHM *legacy_query(OSSL_PROVIDER *prov, + int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { case OSSL_OP_DIGEST: - return fips_digests; + return legacy_digests; } return NULL; } /* Functions we provide to the core */ -static const OSSL_DISPATCH fips_dispatch_table[] = { - { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))fips_get_param_types }, - { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, - { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, +static const OSSL_DISPATCH legacy_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))legacy_get_param_types }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))legacy_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))legacy_query }, { 0, NULL } }; @@ -94,6 +96,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } } - *out = fips_dispatch_table; + *out = legacy_dispatch_table; return 1; } diff --git a/test/md2test.c b/test/md2test.c index 3491e13..47f55b7 100644 --- a/test/md2test.c +++ b/test/md2test.c @@ -9,9 +9,12 @@ #include +#include #include "internal/nelem.h" #include "testutil.h" +static OSSL_PROVIDER *prov = NULL; + #ifndef OPENSSL_NO_MD2 # include # include @@ -58,6 +61,17 @@ static int test_md2(int n) } #endif +int global_init(void) +{ + prov = OSSL_PROVIDER_load(NULL, "legacy"); + + return prov != NULL; +} +void cleanup_tests(void) +{ + OSSL_PROVIDER_unload(prov); +} + int setup_tests(void) { #ifndef OPENSSL_NO_MD2 diff --git a/test/recipes/05-test_md2.t b/test/recipes/05-test_md2.t index 8ac4f38..e60e791 100644 --- a/test/recipes/05-test_md2.t +++ b/test/recipes/05-test_md2.t @@ -8,5 +8,10 @@ use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; + +setup("test_md2"); + +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); simple_test("test_md2", "md2test", "md2"); From matt at openssl.org Tue Apr 9 09:35:59 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 09 Apr 2019 09:35:59 +0000 Subject: [openssl] master update Message-ID: <1554802559.858202.10474.nullmailer@dev.openssl.org> The branch master has been updated via b926f9deb3dc79d00f0a989370e95867516a3a17 (commit) from d030892312a2e7076511205e7fe1a5eae98e5102 (commit) - Log ----------------------------------------------------------------- commit b926f9deb3dc79d00f0a989370e95867516a3a17 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index fa8153d..e994633 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; + stmp.type = X509_LU_NONE; + stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock); From matt at openssl.org Tue Apr 9 09:36:13 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 09 Apr 2019 09:36:13 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554802573.372549.11448.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit) from d7af859880c14fff9d46a028366ab473977d1f36 (commit) - Log ----------------------------------------------------------------- commit 0c45bd8dae287a286583dca682eafcfa5a5d4469 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index be39015..eaf6a8e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; + stmp.type = X509_LU_NONE; + stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock); From builds at travis-ci.org Tue Apr 9 09:37:05 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 09:37:05 +0000 Subject: Still Failing: openssl/openssl#24628 (master - 195852f) In-Reply-To: Message-ID: <5cac67c1a8235_43f9d51ebae2861710@944fec3a-8ab0-4cd4-bfa5-a0b5b24b6f4c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24628 Status: Still Failing Duration: 17 mins and 47 secs Commit: 195852f (master) Author: Richard Levitte Message: Params: add OSSL_PARAM_construct_end() OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8704) View the changeset: https://github.com/openssl/openssl/compare/bb315ca71665...195852fefc1e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694137?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 9 09:51:45 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 09:51:45 +0000 Subject: Still Failing: openssl/openssl#24629 (master - 68ca173) In-Reply-To: Message-ID: <5cac6b3124881_43fd2dd633720157971@03a0b7fe-c95f-4d32-ba7c-d09e5ae49e62.mail> Build Update for openssl/openssl ------------------------------------- Build: #24629 Status: Still Failing Duration: 28 mins and 3 secs Commit: 68ca173 (master) Author: Richard Levitte Message: Configurations/10-main.conf: Don't inherit assembler in Cygwin-common The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8685) View the changeset: https://github.com/openssl/openssl/compare/195852fefc1e...68ca1737ce58 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694802?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 9 10:02:09 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 10:02:09 +0000 Subject: Still Failing: openssl/openssl#24630 (master - d030892) In-Reply-To: Message-ID: <5cac6da19e1e5_43ffae2a6c094153484@a583be85-3466-47b6-b669-570b14aebbec.mail> Build Update for openssl/openssl ------------------------------------- Build: #24630 Status: Still Failing Duration: 25 mins and 13 secs Commit: d030892 (master) Author: Matt Caswell Message: Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) View the changeset: https://github.com/openssl/openssl/compare/68ca1737ce58...d030892312a2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517696858?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 9 10:08:51 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Apr 2019 10:08:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1554804531.333866.15669.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: e9cfa19201 Avoid alignment problems in params API. f997e456b9 s_client starttls: fix handling of multiline reply df09b6b5f9 coverity resource leak fixes in apps/pkeyutl 61d7045bd2 fix --strict-warnings build aa447d6fdb fix --strict-warnings build Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12830: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From builds at travis-ci.org Tue Apr 9 10:15:03 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 10:15:03 +0000 Subject: Still Failing: openssl/openssl#24631 (master - b926f9d) In-Reply-To: Message-ID: <5cac70a720137_43f87a535f680219373@6d95486e-d2dd-4041-aa8d-0ef9508fde62.mail> Build Update for openssl/openssl ------------------------------------- Build: #24631 Status: Still Failing Duration: 26 mins and 31 secs Commit: b926f9d (master) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) View the changeset: https://github.com/openssl/openssl/compare/d030892312a2...b926f9deb3dc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517700898?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 9 10:25:42 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 10:25:42 +0000 Subject: Still Failing: openssl/openssl#24632 (OpenSSL_1_1_1-stable - 0c45bd8) In-Reply-To: Message-ID: <5cac7325e1295_43fd29c65d9a82077d6@fd5286d7-4575-4a98-a020-6b8574bb5e63.mail> Build Update for openssl/openssl ------------------------------------- Build: #24632 Status: Still Failing Duration: 24 mins and 20 secs Commit: 0c45bd8 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) View the changeset: https://github.com/openssl/openssl/compare/d7af859880c1...0c45bd8dae28 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517701034?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 9 12:10:28 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 09 Apr 2019 12:10:28 +0000 Subject: [openssl] master update Message-ID: <1554811828.423732.5953.nullmailer@dev.openssl.org> The branch master has been updated via bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit) via f55ed701a458e3b3840a5d8c8dd3019d7d71a26f (commit) from b926f9deb3dc79d00f0a989370e95867516a3a17 (commit) - Log ----------------------------------------------------------------- commit bbcaef632440067d173e2c4bfc40dd96ef2c0112 Author: Richard Levitte Date: Tue Apr 9 13:16:16 2019 +0200 test/params_test.c : Adjust tests to check utf8_ptr sizes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) commit f55ed701a458e3b3840a5d8c8dd3019d7d71a26f Author: Richard Levitte Date: Tue Apr 9 08:31:09 2019 +0200 Params API: {utf8,octet}_ptr need to know the data size When the purpose is to pass parameters to a setter function, that setter function needs to know the size of the data passed. This remains true for the pointer data types as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) ----------------------------------------------------------------------- Summary of changes: crypto/params.c | 8 ++++---- doc/man3/OSSL_PARAM_TYPE.pod | 19 +++++++++++++------ include/openssl/params.h | 4 ++-- test/params_api_test.c | 4 ++-- test/params_test.c | 32 +++++++++++++++++++++++++------- 5 files changed, 46 insertions(+), 21 deletions(-) diff --git a/crypto/params.c b/crypto/params.c index 8b75e04..bdb1fa9 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -580,15 +580,15 @@ int OSSL_PARAM_set_octet_ptr(const OSSL_PARAM *p, const void *val, } OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t *rsize) + size_t bsize, size_t *rsize) { - return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, 0, rsize); + return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, bsize, rsize); } OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t *rsize) + size_t bsize, size_t *rsize) { - return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize); + return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, bsize, rsize); } OSSL_PARAM OSSL_PARAM_construct_end(void) diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod index dd887f3..4585f25 100644 --- a/doc/man3/OSSL_PARAM_TYPE.pod +++ b/doc/man3/OSSL_PARAM_TYPE.pod @@ -44,9 +44,9 @@ OSSL_PARAM_set_octet_ptr OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_end(void); OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); @@ -173,13 +173,13 @@ size B is created. OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf> and return size B -is created. +A parameter with name B, storage pointer B<*buf>, size B and +return size B is created. OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf> and return size B -is created. +A parameter with name B, storage pointer B<*buf>, size B and +return size B is created. OSSL_PARAM_construct_end() is a function that constructs the terminating OSSL_PARAM structure. @@ -254,6 +254,13 @@ Integral types will be widened and sign extended as required. Apart from that, the functions must be used appropriately for the expected type of the parameter. +For OSSL_PARAM_get_utf8_ptr() and OSSL_PARAM_get_octet_ptr(), B +is not relevant if the purpose is to send the B array to a +I, i.e. to get parameter data back. +In that case, B can safely be given zero. +See L for further information on the +possible purposes. + =head1 EXAMPLES Reusing the examples from L to just show how diff --git a/include/openssl/params.h b/include/openssl/params.h index cf9ffa8..aea24bb 100644 --- a/include/openssl/params.h +++ b/include/openssl/params.h @@ -132,11 +132,11 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf, OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t *rsize); + size_t bsize, size_t *rsize); OSSL_PARAM OSSL_PARAM_construct_end(void); int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val); diff --git a/test/params_api_test.c b/test/params_api_test.c index a3d2337..df708da 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -475,8 +475,8 @@ static int test_param_construct(void) &sz); params[n++] = OSSL_PARAM_construct_octet_string("octstr", buf, sizeof(buf), &sz); - params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", &bufp, &sz); - params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, &sz); + params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", &bufp, 0, &sz); + params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", &vp, 0, &sz); params[n] = OSSL_PARAM_construct_end(); /* Search failure */ diff --git a/test/params_test.c b/test/params_test.c index 8d456bb..aae91f1 100644 --- a/test/params_test.c +++ b/test/params_test.c @@ -143,8 +143,10 @@ static int raw_set_params(void *vobj, const OSSL_PARAM *params) return 0; } else if (strcmp(params->key, "p5") == 0) { strncpy(obj->p5, params->data, params->data_size); + obj->p5_l = strlen(obj->p5) + 1; } else if (strcmp(params->key, "p6") == 0) { obj->p6 = *(const char **)params->data; + obj->p6_l = params->data_size; } return 1; @@ -233,10 +235,13 @@ static int api_set_params(void *vobj, const OSSL_PARAM *params) char *p5_ptr = obj->p5; if (!TEST_true(OSSL_PARAM_get_utf8_string(p, &p5_ptr, sizeof(obj->p5)))) return 0; + obj->p5_l = strlen(obj->p5) + 1; + } + if ((p = OSSL_PARAM_locate(params, "p6")) != NULL) { + if (!TEST_true(OSSL_PARAM_get_utf8_ptr(p, &obj->p6))) + return 0; + obj->p6_l = strlen(obj->p6) + 1; } - if ((p = OSSL_PARAM_locate(params, "p6")) != NULL - && !TEST_true(OSSL_PARAM_get_utf8_ptr(p, &obj->p6))) - return 0; return 1; } @@ -364,7 +369,8 @@ static const OSSL_PARAM static_raw_params[] = { &bignumbin_l }, { "p4", OSSL_PARAM_UTF8_STRING, &app_p4, sizeof(app_p4), &app_p4_l }, { "p5", OSSL_PARAM_UTF8_STRING, &app_p5, sizeof(app_p5), &app_p5_l }, - { "p6", OSSL_PARAM_UTF8_PTR, &app_p6, sizeof(app_p6), &app_p6_l }, + /* sizeof(app_p6_init), because we know that's what we're using */ + { "p6", OSSL_PARAM_UTF8_PTR, &app_p6, sizeof(app_p6_init), &app_p6_l }, { "foo", OSSL_PARAM_OCTET_STRING, &foo, sizeof(foo), &foo_l }, { NULL, 0, NULL, 0, NULL } }; @@ -377,8 +383,9 @@ static const OSSL_PARAM static_api_params[] = { &app_p4, sizeof(app_p4), &app_p4_l), OSSL_PARAM_DEFN("p5", OSSL_PARAM_UTF8_STRING, &app_p5, sizeof(app_p5), &app_p5_l), + /* sizeof(app_p6_init), because we know that's what we're using */ OSSL_PARAM_DEFN("p6", OSSL_PARAM_UTF8_PTR, - &app_p6, sizeof(app_p6), &app_p6_l), + &app_p6, sizeof(app_p6_init), &app_p6_l), OSSL_PARAM_DEFN("foo", OSSL_PARAM_OCTET_STRING, &foo, sizeof(foo), &foo_l), OSSL_PARAM_END }; @@ -399,8 +406,9 @@ static OSSL_PARAM *construct_api_params(void) &app_p4_l); params[n++] = OSSL_PARAM_construct_utf8_string("p5", app_p5, sizeof(app_p5), &app_p5_l); + /* sizeof(app_p6_init), because we know that's what we're using */ params[n++] = OSSL_PARAM_construct_utf8_ptr("p6", (char **)&app_p6, - &app_p6_l); + sizeof(app_p6_init), &app_p6_l); params[n++] = OSSL_PARAM_construct_octet_string("foo", &foo, sizeof(foo), &foo_l); params[n++] = OSSL_PARAM_construct_end(); @@ -472,7 +480,9 @@ static int test_case_variant(const OSSL_PARAM *params, || !TEST_ptr(BN_native2bn(bignumbin, bignumbin_l, app_p3)) || !TEST_BN_eq(app_p3, verify_p3) /* "provider" value */ || !TEST_str_eq(app_p4, p4_init) /* "provider" value */ + || !TEST_size_t_eq(app_p5_l, sizeof(p5_init)) /* "provider" value */ || !TEST_str_eq(app_p5, p5_init) /* "provider" value */ + || !TEST_size_t_eq(app_p6_l, sizeof(p6_init)) /* "provider" value */ || !TEST_str_eq(app_p6, p6_init) /* "provider" value */ || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ || !TEST_int_eq(foo_l, sizeof(app_foo_init))) @@ -493,7 +503,11 @@ static int test_case_variant(const OSSL_PARAM *params, || !TEST_double_eq(sneakpeek->p2, p2_init) /* Should remain untouched */ || !TEST_BN_eq(sneakpeek->p3, app_p3) /* app value set */ || !TEST_str_eq(sneakpeek->p4, app_p4) /* app value set */ - || !TEST_str_eq(sneakpeek->p5, app_p5)) /* app value set */ + || !TEST_size_t_eq(sneakpeek->p5_l, app_p5_l) /* app value set */ + || !TEST_str_eq(sneakpeek->p5, app_p5) /* app value set */ + || !TEST_size_t_eq(sneakpeek->p6_l, + sizeof(app_p6_init)) /* app value set */ + || !TEST_str_eq(sneakpeek->p6, app_p6)) /* app value set */ errcnt++; } @@ -515,7 +529,11 @@ static int test_case_variant(const OSSL_PARAM *params, || !TEST_ptr(BN_native2bn(bignumbin, bignumbin_l, app_p3)) || !TEST_BN_eq(app_p3, verify_p3) /* app value */ || !TEST_str_eq(app_p4, app_p4_init) /* app value */ + || !TEST_size_t_eq(app_p5_l, + sizeof(app_p5_init)) /* app value */ || !TEST_str_eq(app_p5, app_p5_init) /* app value */ + || !TEST_size_t_eq(app_p6_l, + sizeof(app_p6_init)) /* app value */ || !TEST_str_eq(app_p6, app_p6_init) /* app value */ || !TEST_char_eq(foo[0], app_foo_init) /* Should remain untouched */ || !TEST_int_eq(foo_l, sizeof(app_foo_init))) From builds at travis-ci.org Tue Apr 9 12:29:19 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 12:29:19 +0000 Subject: Still Failing: openssl/openssl#24636 (master - bbcaef6) In-Reply-To: Message-ID: <5cac901eb63ea_43f9d4bcc278410853f@944fec3a-8ab0-4cd4-bfa5-a0b5b24b6f4c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24636 Status: Still Failing Duration: 18 mins and 14 secs Commit: bbcaef6 (master) Author: Richard Levitte Message: test/params_test.c : Adjust tests to check utf8_ptr sizes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) View the changeset: https://github.com/openssl/openssl/compare/b926f9deb3dc...bbcaef632440 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517756906?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From yang.yang at baishancloud.com Tue Apr 9 12:45:36 2019 From: yang.yang at baishancloud.com (yang.yang at baishancloud.com) Date: Tue, 09 Apr 2019 12:45:36 +0000 Subject: [openssl] master update Message-ID: <1554813936.744813.7181.nullmailer@dev.openssl.org> The branch master has been updated via ccf453610f48fe88968f0cfc63784b503eae33a0 (commit) from bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit) - Log ----------------------------------------------------------------- commit ccf453610f48fe88968f0cfc63784b503eae33a0 Author: Paul Yang Date: Mon Apr 1 10:21:53 2019 +0900 Make X509_set_sm2_id consistent with other setters This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8626) ----------------------------------------------------------------------- Summary of changes: apps/verify.c | 40 +++++++++++++++++++++------------ crypto/include/internal/x509_int.h | 2 +- crypto/x509/x_all.c | 5 ++++- crypto/x509/x_x509.c | 13 ++++++++--- doc/man3/X509_get0_sm2_id.pod | 12 ++++++---- include/openssl/x509.h | 2 +- test/verify_extra_test.c | 46 ++++++++++++++++++++++++++++++++++++++ util/libcrypto.num | 2 +- 8 files changed, 97 insertions(+), 25 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index 67d3276..3767972 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file, if (sm2id != NULL) { #ifndef OPENSSL_NO_SM2 - ASN1_OCTET_STRING v; + ASN1_OCTET_STRING *v; - v.data = sm2id; - v.length = sm2idlen; + v = ASN1_OCTET_STRING_new(); + if (v == NULL) { + BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); + goto end; + } - X509_set_sm2_id(x, &v); + if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) { + BIO_printf(bio_err, "error: setting SM2 ID failed\n"); + ASN1_OCTET_STRING_free(v); + goto end; + } + + X509_set0_sm2_id(x, v); #endif } csc = X509_STORE_CTX_new(); if (csc == NULL) { - printf("error %s: X.509 store context allocation failed\n", - (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", + (file == NULL) ? "stdin" : file); goto end; } X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { X509_STORE_CTX_free(csc); - printf("error %s: X.509 store context initialization failed\n", - (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, + "error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain != NULL) @@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { - printf("%s: OK\n", (file == NULL) ? "stdin" : file); + BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; if (show_chain) { int j; chain = X509_STORE_CTX_get1_chain(csc); num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); - printf("Chain:\n"); + BIO_printf(bio_out, "Chain:\n"); for (j = 0; j < sk_X509_num(chain); j++) { X509 *cert = sk_X509_value(chain, j); - printf("depth=%d: ", j); + BIO_printf(bio_out, "depth=%d: ", j); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), 0, get_nameopt()); if (j < num_untrusted) - printf(" (untrusted)"); - printf("\n"); + BIO_printf(bio_out, " (untrusted)"); + BIO_printf(bio_out, "\n"); } sk_X509_pop_free(chain, X509_free); } } else { - printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, + "error %s: verification failed\n", + (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 93f923e..7c40b15 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -184,7 +184,7 @@ struct x509_st { CRYPTO_RWLOCK *lock; volatile int ex_cached; # ifndef OPENSSL_NO_SM2 - ASN1_OCTET_STRING sm2_id; + ASN1_OCTET_STRING *sm2_id; # endif } /* X509 */ ; diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index afcf0b7..9c9e8ff 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -72,7 +72,10 @@ static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid) ret = 0; goto err; } - if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) { + /* NOTE: we tolerate no actual ID, to provide maximum flexibility */ + if (x->sm2_id != NULL + && EVP_PKEY_CTX_set1_id(pctx, x->sm2_id->data, + x->sm2_id->length) != 1) { X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); ret = 0; goto err; diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 901a3e6..78e1a75 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -73,6 +73,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->rfc3779_addr = NULL; ret->rfc3779_asid = NULL; #endif +#ifndef OPENSSL_NO_SM2 + ret->sm2_id = NULL; +#endif ret->aux = NULL; ret->crldp = NULL; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data)) @@ -92,6 +95,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); #endif +#ifndef OPENSSL_NO_SM2 + ASN1_OCTET_STRING_free(ret->sm2_id); +#endif break; } @@ -246,13 +252,14 @@ int X509_get_signature_nid(const X509 *x) } #ifndef OPENSSL_NO_SM2 -void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id) +void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id) { - x->sm2_id = *sm2_id; + ASN1_OCTET_STRING_free(x->sm2_id); + x->sm2_id = sm2_id; } ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x) { - return &x->sm2_id; + return x->sm2_id; } #endif diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod index 84da71e..9698c86 100644 --- a/doc/man3/X509_get0_sm2_id.pod +++ b/doc/man3/X509_get0_sm2_id.pod @@ -2,20 +2,24 @@ =head1 NAME -X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations +X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operations =head1 SYNOPSIS #include ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); - void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); + void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); =head1 DESCRIPTION X509_get0_sm2_id() gets the ID value of an SM2 certificate B by returning an B object which should not be freed by the caller. -X509_set_sm2_id() sets the B value to an SM2 certificate B. + +X509_set0_sm2_id() sets the B value to an SM2 certificate B. Calling +this function transfers the memory management of the value to the X509 object, +and therefore the value that has been passed in should not be freed by the +caller after this function has been called. =head1 NOTES @@ -25,7 +29,7 @@ ability to set and retrieve the SM2 ID value. =head1 RETURN VALUES -X509_set_sm2_id() does not return a value. +X509_set0_sm2_id() does not return a value. =head1 SEE ALSO diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 4de88bd..7f80da3 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -567,7 +567,7 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, int X509_get_signature_nid(const X509 *x); # ifndef OPENSSL_NO_SM2 -void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); # endif diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 468de62..f16b3f0 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -177,6 +178,48 @@ static int test_store_ctx(void) OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n") +#ifndef OPENSSL_NO_SM2 +static int test_sm2_id(void) +{ + /* we only need an X509 structure, no matter if it's a real SM2 cert */ + X509 *x = NULL; + BIO *bio = NULL; + int ret = 0; + ASN1_OCTET_STRING *v = NULL, *v2 = NULL; + char *sm2id = "this is an ID"; + + bio = BIO_new_file(bad_f, "r"); + if (bio == NULL) + goto err; + + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x == NULL) + goto err; + + v = ASN1_OCTET_STRING_new(); + if (v == NULL) + goto err; + + if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) { + ASN1_OCTET_STRING_free(v); + goto err; + } + + X509_set0_sm2_id(x, v); + + v2 = X509_get0_sm2_id(x); + if (!TEST_ptr(v2) + || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) + goto err; + + ret = 1; + err: + X509_free(x); + BIO_free(bio); + return ret; +} +#endif + int setup_tests(void) { if (!TEST_ptr(roots_f = test_get_argument(0)) @@ -186,5 +229,8 @@ int setup_tests(void) ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); +#ifndef OPENSSL_NO_SM2 + ADD_TEST(test_sm2_id); +#endif return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index d275e57..9569bf4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4788,7 +4788,7 @@ OSSL_PARAM_get_utf8_ptr 4735 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_utf8_ptr 4736 3_0_0 EXIST::FUNCTION: OSSL_PARAM_get_octet_ptr 4737 3_0_0 EXIST::FUNCTION: OSSL_PARAM_set_octet_ptr 4738 3_0_0 EXIST::FUNCTION: -X509_set_sm2_id 4739 3_0_0 EXIST::FUNCTION:SM2 +X509_set0_sm2_id 4739 3_0_0 EXIST::FUNCTION:SM2 X509_get0_sm2_id 4740 3_0_0 EXIST::FUNCTION:SM2 EVP_PKEY_get0_engine 4741 3_0_0 EXIST::FUNCTION:ENGINE EVP_MD_upref 4742 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Tue Apr 9 13:05:38 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 09 Apr 2019 13:05:38 +0000 Subject: Still Failing: openssl/openssl#24637 (master - ccf4536) In-Reply-To: Message-ID: <5cac98a293428_43fcafdc5f0dc24717d@5127a788-d860-4da3-9935-48b513c54c58.mail> Build Update for openssl/openssl ------------------------------------- Build: #24637 Status: Still Failing Duration: 19 mins and 31 secs Commit: ccf4536 (master) Author: Paul Yang Message: Make X509_set_sm2_id consistent with other setters This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8626) View the changeset: https://github.com/openssl/openssl/compare/bbcaef632440...ccf453610f48 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517772351?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 9 22:18:29 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Apr 2019 22:18:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1554848309.473275.3091.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: ccf453610f Make X509_set_sm2_id consistent with other setters bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject d030892312 Add a legacy provider and put MD2 in it dc46e3dde5 Use the right NID when putting a method in the store 68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common 195852fefc Params: add OSSL_PARAM_construct_end() bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new 97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55Makefile:6956: recipe for target 'test/p_test.so' failed : undefined reference to `make[1]: *** [test/p_test.so] Error 1 __asan_unregister_globals' make[1]: *** Waiting for unfinished jobs.... providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Wed Apr 10 05:07:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Apr 2019 05:07:58 +0000 Subject: Build failed: openssl master.24057 Message-ID: <20190410050758.1.FFBCF29884FB156C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 10 05:17:52 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Apr 2019 05:17:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554873472.851244.10125.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: ccf453610f Make X509_set_sm2_id consistent with other setters bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject d030892312 Add a legacy provider and put MD2 in it dc46e3dde5 Use the right NID when putting a method in the store 68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common 195852fefc Params: add OSSL_PARAM_construct_end() bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new 97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:106: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: more undefined references to `__afl_prev_loc' follow test/p_test-dso-p_test.o: In function `p_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Wed Apr 10 05:50:24 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Apr 2019 05:50:24 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554875424.521066.15023.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5fba3afad01707f4a8856a35500de007a8a256ec (commit) from 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit) - Log ----------------------------------------------------------------- commit 5fba3afad01707f4a8856a35500de007a8a256ec Author: Richard Levitte Date: Mon Apr 1 06:40:33 2019 +0200 Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8622) ----------------------------------------------------------------------- Summary of changes: Configure | 23 ++++++++++------------- INSTALL | 3 --- crypto/dso/dso_openssl.c | 2 +- crypto/include/internal/dso_conf.h.in | 5 +++-- crypto/init.c | 10 ++++------ include/internal/dsoerr.h | 7 ++----- 6 files changed, 20 insertions(+), 30 deletions(-) diff --git a/Configure b/Configure index c2716ad..114ee9b 100755 --- a/Configure +++ b/Configure @@ -24,7 +24,7 @@ use OpenSSL::Glob; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -58,8 +58,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]pic [don't] try to build position independent code when supported. # If disabled, it also disables shared and dynamic-engine. # no-asm do not use assembler -# no-dso do not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. # no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared @@ -75,7 +73,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, -# namely no-dso, no-pic, no-shared and no-threads. It is +# namely no-pic, no-shared and no-threads. It is # argued that the only reason to produce statically linked # binaries (and in context it means executables linked with # -static flag, and not just executables linked with static @@ -357,7 +355,6 @@ my @disablables = ( "dgram", "dh", "dsa", - "dso", "dtls", "dynamic-engine", "ec", @@ -435,6 +432,7 @@ my %deprecated_disablables = ( "buf-freelists" => undef, "ripemd" => "rmd160", "ui" => "ui-console", + "dso" => "", # Empty string means we're silent about it ); # All of the following are disabled by default: @@ -487,9 +485,6 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # Without DSO, we can't load dynamic engines, so don't build them dynamic - "dso" => [ "dynamic-engine" ], - # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], @@ -721,10 +716,13 @@ while (@argvcopy) } elsif (exists $deprecated_disablables{$1}) { - $deprecated_options{$_} = 1; - if (defined $deprecated_disablables{$1}) + if ($deprecated_disablables{$1} ne "") { - $disabled{$deprecated_disablables{$1}} = "option"; + $deprecated_options{$_} = 1; + if (defined $deprecated_disablables{$1}) + { + $disabled{$deprecated_disablables{$1}} = "option"; + } } } else @@ -862,7 +860,6 @@ while (@argvcopy) elsif (/^-static$/) { push @{$useradd{LDFLAGS}}, $_; - $disabled{"dso"} = "forced"; $disabled{"pic"} = "forced"; $disabled{"shared"} = "forced"; $disabled{"threads"} = "forced"; @@ -1189,7 +1186,7 @@ my %disabled_info = (); # For configdata.pm foreach my $what (sort keys %disabled) { $config{options} .= " no-$what"; - if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic', + if (!grep { $what eq $_ } ( 'threads', 'shared', 'pic', 'dynamic-engine', 'makedepend', 'zlib-dynamic', 'zlib', 'sse2' )) { (my $WHAT = uc $what) =~ s|-|_|g; diff --git a/INSTALL b/INSTALL index 7fe55d4..7dd051c 100644 --- a/INSTALL +++ b/INSTALL @@ -331,9 +331,6 @@ on BSD implementations, in which case it can be disabled with no-devcryptoeng. - no-dso - Don't build support for loading Dynamic Shared Objects. - no-dynamic-engine Don't build the dynamically loaded engines. This only has an effect in a "shared" build diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c index 6626331..eeebd98 100644 --- a/crypto/dso/dso_openssl.c +++ b/crypto/dso/dso_openssl.c @@ -9,7 +9,7 @@ #include "dso_locl.h" -#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN) +#ifdef DSO_NONE static DSO_METHOD dso_meth_null = { "NULL shared library method" diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in index d6e9d1b..17fae7d 100644 --- a/crypto/include/internal/dso_conf.h.in +++ b/crypto/include/internal/dso_conf.h.in @@ -10,7 +10,6 @@ #ifndef HEADER_DSO_CONF_H # define HEADER_DSO_CONF_H -{- output_off() if $disabled{dso} -} {- # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -18,6 +17,9 @@ # by a define "DSO_" ... we translate the "dso_scheme" config # string entry into using the following logic; my $scheme = uc $target{dso_scheme}; + if (!$scheme) { + $scheme = "NONE"; + } my @macros = ( "DSO_$scheme" ); if ($scheme eq 'DLFCN') { @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); @@ -26,5 +28,4 @@ } join("\n", map { "# define $_" } @macros); -} # define DSO_EXTENSION "{- $target{dso_extension} -}" -{- output_on() if $disabled{dso} -} #endif diff --git a/crypto/init.c b/crypto/init.c index afb2133..62626a7 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -161,8 +161,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); #endif -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE) \ +#if !defined(OPENSSL_USE_NODELETE) \ && !defined(OPENSSL_NO_PINSHARED) # if defined(DSO_WIN32) && !defined(_WIN32_WCE) { @@ -180,7 +179,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) # endif return (ret == TRUE) ? 1 : 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to ourselves. This will force the library * to remain loaded until the atexit() handler is run at process exit. @@ -764,8 +763,7 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE)\ +#if !defined(OPENSSL_USE_NODELETE)\ && !defined(OPENSSL_NO_PINSHARED) { union { @@ -790,7 +788,7 @@ int OPENSSL_atexit(void (*handler)(void)) if (!ret) return 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index a54a185..305bde5 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -13,11 +13,9 @@ # include -# ifndef OPENSSL_NO_DSO - -# ifdef __cplusplus +# ifdef __cplusplus extern "C" -# endif +# endif int ERR_load_DSO_strings(void); /* @@ -79,5 +77,4 @@ int ERR_load_DSO_strings(void); # define DSO_R_UNLOAD_FAILED 107 # define DSO_R_UNSUPPORTED 108 -# endif #endif From levitte at openssl.org Wed Apr 10 05:53:01 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Apr 2019 05:53:01 +0000 Subject: [openssl] master update Message-ID: <1554875581.051588.19497.nullmailer@dev.openssl.org> The branch master has been updated via dcb982d792d6064ed3493e79749208d8c257ff04 (commit) from ccf453610f48fe88968f0cfc63784b503eae33a0 (commit) - Log ----------------------------------------------------------------- commit dcb982d792d6064ed3493e79749208d8c257ff04 Author: Richard Levitte Date: Fri Apr 5 01:22:14 2019 +0200 EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 7fdf759..641ad19 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + if (inl <= 0) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + if (inl <= 0) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); From levitte at openssl.org Wed Apr 10 05:53:41 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Apr 2019 05:53:41 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554875621.105303.21256.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 130b7df2db7d35af75ddf56046afdd1a57a2aea8 (commit) from 5fba3afad01707f4a8856a35500de007a8a256ec (commit) - Log ----------------------------------------------------------------- commit 130b7df2db7d35af75ddf56046afdd1a57a2aea8 Author: Richard Levitte Date: Fri Apr 5 01:22:14 2019 +0200 EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) (cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 05dd791..bdec227 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + if (inl <= 0) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + if (inl <= 0) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); From builds at travis-ci.org Wed Apr 10 06:07:05 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 06:07:05 +0000 Subject: Still Failing: openssl/openssl#24653 (OpenSSL_1_1_1-stable - 5fba3af) In-Reply-To: Message-ID: <5cad880945e98_43fc3aef3de30129340@6eee3883-ff75-40e2-b321-a02bf3c4645c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24653 Status: Still Failing Duration: 15 mins and 49 secs Commit: 5fba3af (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8622) View the changeset: https://github.com/openssl/openssl/compare/0c45bd8dae28...5fba3afad017 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518126911?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 06:20:31 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 06:20:31 +0000 Subject: Still Failing: openssl/openssl#24654 (master - dcb982d) In-Reply-To: Message-ID: <5cad8b2f56977_43fc3abb5cbe81323e9@6eee3883-ff75-40e2-b321-a02bf3c4645c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24654 Status: Still Failing Duration: 26 mins and 6 secs Commit: dcb982d (master) Author: Richard Levitte Message: EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) View the changeset: https://github.com/openssl/openssl/compare/ccf453610f48...dcb982d792d6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518127554?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 06:37:07 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 06:37:07 +0000 Subject: Errored: openssl/openssl#24655 (OpenSSL_1_1_1-stable - 130b7df) In-Reply-To: Message-ID: <5cad8f12f081b_43f9d467248e030653b@944fec3a-8ab0-4cd4-bfa5-a0b5b24b6f4c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24655 Status: Errored Duration: 30 mins and 30 secs Commit: 130b7df (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: EVP_*Update: ensure that input NULL with length 0 isn't passed Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8676) (cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04) View the changeset: https://github.com/openssl/openssl/compare/5fba3afad017...130b7df2db7d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518127727?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 10 08:20:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Apr 2019 08:20:14 +0000 Subject: Build failed: openssl master.24065 Message-ID: <20190410082014.1.6F04B23441CBC4D9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 10 08:37:01 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Apr 2019 08:37:01 +0000 Subject: Build failed: openssl master.24066 Message-ID: <20190410083701.1.880E6DB3A85A8E0A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 10 08:59:41 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Apr 2019 08:59:41 +0000 Subject: Build failed: openssl master.24067 Message-ID: <20190410085941.1.DC15F32F337FBCC3@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 10 10:13:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Apr 2019 10:13:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1554891237.444228.30885.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: ccf453610f Make X509_set_sm2_id consistent with other setters bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject d030892312 Add a legacy provider and put MD2 in it dc46e3dde5 Use the right NID when putting a method in the store 68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common 195852fefc Params: add OSSL_PARAM_construct_end() bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new 97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12844: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Wed Apr 10 11:22:59 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Apr 2019 11:22:59 +0000 Subject: [openssl] master update Message-ID: <1554895379.038207.10707.nullmailer@dev.openssl.org> The branch master has been updated via ee215c7eea91f193d4765127eb31332758753058 (commit) from dcb982d792d6064ed3493e79749208d8c257ff04 (commit) - Log ----------------------------------------------------------------- commit ee215c7eea91f193d4765127eb31332758753058 Author: Jakub Wilk Date: Wed Apr 10 12:00:20 2019 +0200 Fix typos CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8714) ----------------------------------------------------------------------- Summary of changes: apps/include/fmt.h | 4 ++-- ssl/ssl_locl.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/include/fmt.h b/apps/include/fmt.h index 538a20a..e3da9a4 100644 --- a/apps/include/fmt.h +++ b/apps/include/fmt.h @@ -32,8 +32,8 @@ # define FORMAT_PKCS12 6 # define FORMAT_SMIME (7 | B_FORMAT_TEXT) # define FORMAT_ENGINE 8 /* Not really a file format */ -# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */ -# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ +# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */ +# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ # define FORMAT_MSBLOB 11 /* MS Key blob format */ # define FORMAT_PVK 12 /* MS PVK file format */ # define FORMAT_HTTP 13 /* Download using HTTP */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1d3397d..a5df3cf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1527,7 +1527,7 @@ typedef struct cert_pkey_st CERT_PKEY; * CERT_PKEY entries */ typedef struct { - int nid; /* NID of pubic key algorithm */ + int nid; /* NID of public key algorithm */ uint32_t amask; /* authmask corresponding to key type */ } SSL_CERT_LOOKUP; From levitte at openssl.org Wed Apr 10 11:24:34 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Apr 2019 11:24:34 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554895474.553114.13555.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 24686b26548608d43e2816a65ee977b1e8c763b2 (commit) from 130b7df2db7d35af75ddf56046afdd1a57a2aea8 (commit) - Log ----------------------------------------------------------------- commit 24686b26548608d43e2816a65ee977b1e8c763b2 Author: Jakub Wilk Date: Wed Apr 10 12:00:20 2019 +0200 Fix typos CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8714) (cherry picked from commit ee215c7eea91f193d4765127eb31332758753058) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 33db146..0cf3893 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1515,7 +1515,7 @@ typedef struct cert_pkey_st CERT_PKEY; * CERT_PKEY entries */ typedef struct { - int nid; /* NID of pubic key algorithm */ + int nid; /* NID of public key algorithm */ uint32_t amask; /* authmask corresponding to key type */ } SSL_CERT_LOOKUP; From builds at travis-ci.org Wed Apr 10 11:42:11 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 11:42:11 +0000 Subject: Still Failing: openssl/openssl#24673 (master - ee215c7) In-Reply-To: Message-ID: <5cadd69367db_43fedfa1173581828bc@787e5184-39cf-4ba7-88f4-20e768b43b85.mail> Build Update for openssl/openssl ------------------------------------- Build: #24673 Status: Still Failing Duration: 18 mins and 35 secs Commit: ee215c7 (master) Author: Jakub Wilk Message: Fix typos CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8714) View the changeset: https://github.com/openssl/openssl/compare/dcb982d792d6...ee215c7eea91 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518247088?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 11:55:38 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 11:55:38 +0000 Subject: Failed: openssl/openssl#24674 (OpenSSL_1_1_1-stable - 24686b2) In-Reply-To: Message-ID: <5cadd9b9d9365_43fa33d07d850189347@ea4d3f93-9345-4c7a-9ed4-a995cb97b21e.mail> Build Update for openssl/openssl ------------------------------------- Build: #24674 Status: Failed Duration: 27 mins and 48 secs Commit: 24686b2 (OpenSSL_1_1_1-stable) Author: Jakub Wilk Message: Fix typos CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8714) (cherry picked from commit ee215c7eea91f193d4765127eb31332758753058) View the changeset: https://github.com/openssl/openssl/compare/130b7df2db7d...24686b265486 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518247592?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 10 14:45:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Apr 2019 14:45:43 +0000 Subject: Build failed: openssl master.24081 Message-ID: <20190410144543.1.B622A2BF94A0E6A5@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Wed Apr 10 18:23:58 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 10 Apr 2019 18:23:58 +0000 Subject: [openssl] master update Message-ID: <1554920638.930356.10507.nullmailer@dev.openssl.org> The branch master has been updated via 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03 (commit) from ee215c7eea91f193d4765127eb31332758753058 (commit) - Log ----------------------------------------------------------------- commit 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03 Author: Bernd Edlinger Date: Sun Mar 31 13:56:23 2019 +0200 Avoid creating invalid rsa pss params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8621) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_ameth.c | 4 +++- test/recipes/80-test_cms.t | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 139415e..82d1d56 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -583,10 +583,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); - } else if (saltlen == -2) { + } else if (saltlen == -2 || saltlen == -3) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if ((EVP_PKEY_bits(pk) & 0x7) == 1) saltlen--; + if (saltlen < 0) + return NULL; } return rsa_pss_params_create(sigmd, mgf1md, saltlen); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 76f1ec2..7beebcc 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -324,6 +324,14 @@ my @smime_cms_param_tests = ( "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] ], + [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=-3", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", + "-keyopt", "rsa_pss_saltlen:-3", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr", "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", From bernd.edlinger at hotmail.de Wed Apr 10 18:25:07 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 10 Apr 2019 18:25:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554920707.369259.12862.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via d8ceb246079a929461c0193255c8309348a0614c (commit) from 24686b26548608d43e2816a65ee977b1e8c763b2 (commit) - Log ----------------------------------------------------------------- commit d8ceb246079a929461c0193255c8309348a0614c Author: Bernd Edlinger Date: Sun Mar 31 13:56:23 2019 +0200 Avoid creating invalid rsa pss params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8621) (cherry picked from commit 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_ameth.c | 4 +++- test/recipes/80-test_cms.t | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 75debb3..637b02c 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -583,10 +583,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); - } else if (saltlen == -2) { + } else if (saltlen == -2 || saltlen == -3) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if ((EVP_PKEY_bits(pk) & 0x7) == 1) saltlen--; + if (saltlen < 0) + return NULL; } return rsa_pss_params_create(sigmd, mgf1md, saltlen); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index f038bea..52b822e 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -308,6 +308,14 @@ my @smime_cms_param_tests = ( "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] ], + [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=-3", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", + "-keyopt", "rsa_pss_saltlen:-3", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr", "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", From builds at travis-ci.org Wed Apr 10 18:44:24 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 18:44:24 +0000 Subject: Still Failing: openssl/openssl#24681 (master - 491360e) In-Reply-To: Message-ID: <5cae3987a03eb_43f8c79ee740c39011a@d285532f-b9f5-4045-8f4c-f3c8f81a88c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #24681 Status: Still Failing Duration: 19 mins and 48 secs Commit: 491360e (master) Author: Bernd Edlinger Message: Avoid creating invalid rsa pss params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8621) View the changeset: https://github.com/openssl/openssl/compare/ee215c7eea91...491360e7ab2f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518430353?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 18:56:34 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 18:56:34 +0000 Subject: Still Failing: openssl/openssl#24682 (OpenSSL_1_1_1-stable - d8ceb24) In-Reply-To: Message-ID: <5cae3c62122b4_43f8c7a9e1e34393713@d285532f-b9f5-4045-8f4c-f3c8f81a88c2.mail> Build Update for openssl/openssl ------------------------------------- Build: #24682 Status: Still Failing Duration: 27 mins and 19 secs Commit: d8ceb24 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Avoid creating invalid rsa pss params Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8621) (cherry picked from commit 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03) View the changeset: https://github.com/openssl/openssl/compare/24686b265486...d8ceb246079a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518430708?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 10 22:18:55 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Apr 2019 22:18:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1554934735.700759.16291.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 491360e7ab Avoid creating invalid rsa pss params ee215c7eea Fix typos dcb982d792 EVP_*Update: ensure that input NULL with length 0 isn't passed Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190clang: undefined reference to `: error: linker command failed with exit code 1 (use -v to see invocation) __asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_unregister_globals' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Wed Apr 10 22:41:16 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 10 Apr 2019 22:41:16 +0000 Subject: [openssl] master update Message-ID: <1554936076.779833.10464.nullmailer@dev.openssl.org> The branch master has been updated via 3a86f1db282569c538273cc48462a3fa5fcffa39 (commit) from 491360e7ab2f09fdaadfcd9ff84c425c8f4e5b03 (commit) - Log ----------------------------------------------------------------- commit 3a86f1db282569c538273cc48462a3fa5fcffa39 Author: Shane Lontis Date: Mon Apr 8 15:22:18 2019 +1000 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8697) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve25519.c | 3 ++- crypto/ec/curve448/curve448utils.h | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index 7d12c5d..ca2b6cc 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,6 +254,7 @@ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], #if defined(X25519_ASM) \ || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \ && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ && !(defined(__ANDROID__) && !defined(__clang__)) ) /* * Base 2^51 implementation. It's virtually no different from reference diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h index 9c4952b..0ac69a6 100644 --- a/crypto/ec/curve448/curve448utils.h +++ b/crypto/ec/curve448/curve448utils.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015 Cryptography Research, Inc. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -24,7 +24,9 @@ */ # ifndef C448_WORD_BITS # if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ - && !defined(__sparc__) + && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) + # define C448_WORD_BITS 64 /* The number of bits in a word */ # else # define C448_WORD_BITS 32 /* The number of bits in a word */ From pauli at openssl.org Wed Apr 10 22:42:29 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 10 Apr 2019 22:42:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1554936149.351923.11771.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via dbd233b8038a0daba891335548d95a0d6f26807d (commit) from d8ceb246079a929461c0193255c8309348a0614c (commit) - Log ----------------------------------------------------------------- commit dbd233b8038a0daba891335548d95a0d6f26807d Author: Shane Lontis Date: Mon Apr 8 15:22:18 2019 +1000 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8697) (cherry picked from commit 3a86f1db282569c538273cc48462a3fa5fcffa39) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve25519.c | 3 ++- crypto/ec/curve448/curve448utils.h | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index aa999cc..c5d887e 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,6 +254,7 @@ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], #if defined(X25519_ASM) \ || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \ && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ && !(defined(__ANDROID__) && !defined(__clang__)) ) /* * Base 2^51 implementation. It's virtually no different from reference diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h index 9bf8379..9032bb4 100644 --- a/crypto/ec/curve448/curve448utils.h +++ b/crypto/ec/curve448/curve448utils.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -24,7 +24,9 @@ */ # ifndef C448_WORD_BITS # if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ - && !defined(__sparc__) + && !defined(__sparc__) \ + && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) + # define C448_WORD_BITS 64 /* The number of bits in a word */ # else # define C448_WORD_BITS 32 /* The number of bits in a word */ From pauli at openssl.org Wed Apr 10 22:52:51 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 10 Apr 2019 22:52:51 +0000 Subject: [openssl] master update Message-ID: <1554936771.251798.17346.nullmailer@dev.openssl.org> The branch master has been updated via 6c7d80ab3b2a13074ca270a6d056c59ac431155a (commit) from 3a86f1db282569c538273cc48462a3fa5fcffa39 (commit) - Log ----------------------------------------------------------------- commit 6c7d80ab3b2a13074ca270a6d056c59ac431155a Author: Pauli Date: Thu Apr 11 08:52:22 2019 +1000 Reseeding without derivation function is not supported in FIPS mode. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8648) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 3 +++ crypto/rand/drbg_ctr.c | 6 ++++++ crypto/rand/rand_err.c | 5 ++++- include/openssl/randerr.h | 2 ++ test/drbg_cavs_test.c | 5 +++++ test/drbgtest.c | 9 +++++++-- 6 files changed, 27 insertions(+), 3 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a3d15c9..18aa16c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1103,6 +1103,7 @@ PROP_F_PARSE_OCT:105:parse_oct PROP_F_PARSE_STRING:106:parse_string PROP_F_PARSE_UNQUOTED:107:parse_unquoted RAND_F_DRBG_BYTES:101:drbg_bytes +RAND_F_DRBG_CTR_INIT:125:drbg_ctr_init RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup RAND_F_GET_ENTROPY:106:get_entropy @@ -2607,6 +2608,8 @@ RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long RAND_R_ALREADY_INSTANTIATED:103:already instantiated RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range RAND_R_CANNOT_OPEN_FILE:121:Cannot open file +RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS:137:\ + derivation function mandatory for fips RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 0f99925..4c11e65 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -422,6 +422,11 @@ int drbg_ctr_init(RAND_DRBG *drbg) drbg->max_perslen = DRBG_MAX_LENGTH; drbg->max_adinlen = DRBG_MAX_LENGTH; } else { +#ifdef FIPS_MODE + RANDerr(RAND_F_DRBG_CTR_INIT, + RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS); + return 0; +#else drbg->min_entropylen = drbg->seedlen; drbg->max_entropylen = drbg->seedlen; /* Nonce not used */ @@ -429,6 +434,7 @@ int drbg_ctr_init(RAND_DRBG *drbg) drbg->max_noncelen = 0; drbg->max_perslen = drbg->seedlen; drbg->max_adinlen = drbg->seedlen; +#endif } drbg->max_request = 1 << 16; diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index c899613..5c0dc3d 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_CTR_INIT, 0), "drbg_ctr_init"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"}, @@ -60,6 +61,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = { {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE), "argument out of range"}, {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS), + "derivation function mandatory for fips"}, {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED), "drbg already initialized"}, {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED), diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 26c20ae..bc1c063 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -24,6 +24,7 @@ int ERR_load_RAND_strings(void); * RAND function codes. */ # define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_CTR_INIT 125 # define RAND_F_DRBG_GET_ENTROPY 105 # define RAND_F_DRBG_SETUP 117 # define RAND_F_GET_ENTROPY 106 @@ -56,6 +57,7 @@ int ERR_load_RAND_strings(void); # define RAND_R_ALREADY_INSTANTIATED 103 # define RAND_R_ARGUMENT_OUT_OF_RANGE 105 # define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS 137 # define RAND_R_DRBG_ALREADY_INITIALIZED 129 # define RAND_R_DRBG_NOT_INITIALISED 104 # define RAND_R_ENTROPY_INPUT_TOO_LONG 106 diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c index 99d4472..8138269 100644 --- a/test/drbg_cavs_test.c +++ b/test/drbg_cavs_test.c @@ -254,6 +254,11 @@ static int test_cavs_kats(const struct drbg_kat *test[], int i) const struct drbg_kat *td = test[i]; int rv = 0; +#ifdef FIPS_MODE + /* FIPS mode doesn't support instantiating without a derivation function */ + if ((td->flags & USE_DF) == 0) + return 1; +#endif switch (td->type) { case NO_RESEED: if (!single_kat_no_reseed(td)) diff --git a/test/drbgtest.c b/test/drbgtest.c index 652b93a..ca45a8f 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -104,9 +104,12 @@ typedef struct drbg_selftest_data_st { make_drbg_test_data(nid, 0, pr, p) static DRBG_SELFTEST_DATA drbg_test[] = { +#ifndef FIPS_MODE + /* FIPS mode doesn't support CTR DRBG without a derivation function */ make_drbg_test_data_no_df (NID_aes_128_ctr, aes_128_no_df, 0), make_drbg_test_data_no_df (NID_aes_192_ctr, aes_192_no_df, 0), make_drbg_test_data_no_df (NID_aes_256_ctr, aes_256_no_df, 1), +#endif make_drbg_test_data_use_df(NID_aes_128_ctr, aes_128_use_df, 0), make_drbg_test_data_use_df(NID_aes_192_ctr, aes_192_use_df, 0), make_drbg_test_data_use_df(NID_aes_256_ctr, aes_256_use_df, 1), @@ -1107,14 +1110,16 @@ static int test_set_defaults(void) && TEST_int_eq(public->type, NID_sha256) && TEST_int_eq(public->flags, RAND_DRBG_FLAG_PUBLIC) - /* Change DRBG defaults and change master and check again */ + /* FIPS mode doesn't support CTR DRBG without a derivation function */ +#ifndef FIPS_MODE + /* Change DRBG defaults and change master and check again */ && TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr, RAND_DRBG_FLAG_CTR_NO_DF)) && TEST_true(RAND_DRBG_uninstantiate(master)) && TEST_int_eq(master->type, NID_aes_256_ctr) && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER|RAND_DRBG_FLAG_CTR_NO_DF) - +#endif /* Reset back to the standard defaults */ && TEST_true(RAND_DRBG_set_defaults(RAND_DRBG_TYPE, RAND_DRBG_FLAGS From builds at travis-ci.org Wed Apr 10 23:01:38 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 23:01:38 +0000 Subject: Still Failing: openssl/openssl#24688 (master - 3a86f1d) In-Reply-To: Message-ID: <5cae75d249dc8_43f974dd7afcc10954@0b8e7174-fc08-4a14-8f76-c887eeef0cdc.mail> Build Update for openssl/openssl ------------------------------------- Build: #24688 Status: Still Failing Duration: 19 mins and 45 secs Commit: 3a86f1d (master) Author: Shane Lontis Message: Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8697) View the changeset: https://github.com/openssl/openssl/compare/491360e7ab2f...3a86f1db2825 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518523928?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 23:23:50 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 23:23:50 +0000 Subject: Still Failing: openssl/openssl#24690 (master - 6c7d80a) In-Reply-To: Message-ID: <5cae7b0668f15_43f9f5a77930c8622a@e8430c16-8bfe-4382-96b9-a591ba10e5fa.mail> Build Update for openssl/openssl ------------------------------------- Build: #24690 Status: Still Failing Duration: 24 mins and 27 secs Commit: 6c7d80a (master) Author: Pauli Message: Reseeding without derivation function is not supported in FIPS mode. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8648) View the changeset: https://github.com/openssl/openssl/compare/3a86f1db2825...6c7d80ab3b2a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518526671?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 10 23:14:34 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 10 Apr 2019 23:14:34 +0000 Subject: Still Failing: openssl/openssl#24689 (OpenSSL_1_1_1-stable - dbd233b) In-Reply-To: Message-ID: <5cae78da7d6ba_43f930f5723f823979d@612e4119-8551-4ed7-afe3-78b343390abe.mail> Build Update for openssl/openssl ------------------------------------- Build: #24689 Status: Still Failing Duration: 26 mins and 12 secs Commit: dbd233b (OpenSSL_1_1_1-stable) Author: Shane Lontis Message: Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8697) (cherry picked from commit 3a86f1db282569c538273cc48462a3fa5fcffa39) View the changeset: https://github.com/openssl/openssl/compare/d8ceb246079a...dbd233b8038a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518524152?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Apr 10 23:49:20 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 10 Apr 2019 23:49:20 +0000 Subject: [openssl] master update Message-ID: <1554940160.234046.27038.nullmailer@dev.openssl.org> The branch master has been updated via 4660bdea07e185b96c3b91be3e3b0a38959626ac (commit) from 6c7d80ab3b2a13074ca270a6d056c59ac431155a (commit) - Log ----------------------------------------------------------------- commit 4660bdea07e185b96c3b91be3e3b0a38959626ac Author: Shane Lontis Date: Thu Apr 11 09:47:12 2019 +1000 Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8661) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 70 +++++++++++++++++++++++++++++++++++++++-- util/perl/OpenSSL/Test/Utils.pm | 5 +-- 2 files changed, 70 insertions(+), 5 deletions(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index daf40cb..5d6e9d9 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ use Test::More 0.96; use Exporter; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); -$VERSION = "0.8"; +$VERSION = "1.0"; @ISA = qw(Exporter); @EXPORT = (@Test::More::EXPORT, qw(setup run indir cmd app fuzz test perlapp perltest subtest)); @@ -22,7 +22,8 @@ $VERSION = "0.8"; srctop_dir srctop_file data_file data_dir pipe with cmdstr quotify - openssl_versions)); + openssl_versions + ok_nofips is_nofips isnt_nofips)); =head1 NAME @@ -831,6 +832,63 @@ sub openssl_versions { return @versions; } +=over 4 + +=item B + +C is equivalent to using C when the environment variable +C is undefined, otherwise it is equivalent to C. This can be +used for C tests that must fail when testing a FIPS provider. The parameters +are the same as used by C which is an expression EXPR followed by the test +description TEST_NAME. + +An example: + + ok_nofips(run(app(["md5.pl"])), "md5 should fail in fips mode"); + +=item B + +C is equivalent to using C when the environment variable +C is undefined, otherwise it is equivalent to C. This can be +used for C tests that must fail when testing a FIPS provider. The parameters +are the same as used by C which has 2 arguments EXPR1 and EXPR2 that can be +compared using eq or ne, followed by a test description TEST_NAME. + +An example: + + is_nofips(ultimate_answer(), 42, "Meaning of Life"); + +=item B + +C is equivalent to using C when the environment variable +C is undefined, otherwise it is equivalent to C. This can be +used for C tests that must fail when testing a FIPS provider. The +parameters are the same as used by C which has 2 arguments EXPR1 and EXPR2 +that can be compared using ne or eq, followed by a test description TEST_NAME. + +An example: + + isnt_nofips($foo, '', "Got some foo"); + +=back + +=cut + +sub ok_nofips { + return ok(!$_[0], @_[1..$#_]) if defined $ENV{FIPS_MODE}; + return ok($_[0], @_[1..$#_]); +} + +sub is_nofips { + return isnt($_[0], $_[1], @_[2..$#_]) if defined $ENV{FIPS_MODE}; + return is($_[0], $_[1], @_[2..$#_]); +} + +sub isnt_nofips { + return is($_[0], $_[1], @_[2..$#_]) if defined $ENV{FIPS_MODE}; + return isnt($_[0], $_[1], @_[2..$#_]); +} + ###################################################################### # private functions. These are never exported. @@ -861,6 +919,12 @@ are located. Defaults to C<$TOP/test> (adapted to the operating system). If defined, it puts testing in a different mode, where a recipe with failures will result in a C at the end of its run. +=item B + +If defined it indicates that the FIPS provider is being tested. Tests may use +B, B and B to invert test results +i.e. Some tests may only work in non FIPS mode. + =back =cut diff --git a/util/perl/OpenSSL/Test/Utils.pm b/util/perl/OpenSSL/Test/Utils.pm index 18ef968..dcff6a5 100644 --- a/util/perl/OpenSSL/Test/Utils.pm +++ b/util/perl/OpenSSL/Test/Utils.pm @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -53,6 +53,7 @@ STRING is "tls", or for all the available DTLS versions if STRING is returned list can be used with B and B. =item B + =item B In an array context returns an array with each element set to 1 if the @@ -67,6 +68,7 @@ disabled. Returns an item from the %config hash in \$TOP/configdata.pm. =item B + =item B Return true if IPv4 / IPv6 is possible to use on the current system. @@ -225,7 +227,6 @@ sub have_IPv6 { return $have_IPv6; } - =head1 SEE ALSO L From builds at travis-ci.org Thu Apr 11 00:07:54 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 11 Apr 2019 00:07:54 +0000 Subject: Still Failing: openssl/openssl#24692 (master - 4660bde) In-Reply-To: Message-ID: <5cae855a2e137_43fb48c5b971481060@5bcd97c5-c4a5-40fe-bcf7-9d523884d647.mail> Build Update for openssl/openssl ------------------------------------- Build: #24692 Status: Still Failing Duration: 18 mins and 0 secs Commit: 4660bde (master) Author: Shane Lontis Message: Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8661) View the changeset: https://github.com/openssl/openssl/compare/6c7d80ab3b2a...4660bdea07e1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518541344?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 11 02:11:06 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Apr 2019 02:11:06 +0000 Subject: Build failed: openssl master.24099 Message-ID: <20190411021106.1.C64E8482210C7CC7@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 11 03:55:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Apr 2019 03:55:29 +0000 Subject: Build completed: openssl master.24100 Message-ID: <20190411035529.1.8F7DB9A9477503FC@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 11 05:21:47 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Apr 2019 05:21:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1554960107.916281.9045.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 491360e7ab Avoid creating invalid rsa pss params ee215c7eea Fix typos dcb982d792 EVP_*Update: ensure that input NULL with length 0 isn't passed Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: *** Waiting for unfinished jobs.... providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From nic.tuv at gmail.com Thu Apr 11 09:18:46 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Thu, 11 Apr 2019 09:18:46 +0000 Subject: [openssl] master update Message-ID: <1554974326.443361.8594.nullmailer@dev.openssl.org> The branch master has been updated via 37f03b9881a4ffa52b0059ae444be3c416cf2a5f (commit) via ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8 (commit) via 8d4f150f70d70d6c3e62661ed7cc16c2f751d8a1 (commit) via 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38 (commit) from 4660bdea07e185b96c3b91be3e3b0a38959626ac (commit) - Log ----------------------------------------------------------------- commit 37f03b9881a4ffa52b0059ae444be3c416cf2a5f Author: Shane Lontis Date: Tue Apr 2 10:55:00 2019 +1000 doc fixups Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) commit ac2b52c6ad0cd40482b1c5c1c4ec68eb16020ae8 Author: Nicola Tuveri Date: Sun Mar 31 18:46:53 2019 +0300 Separate the lookup test This fixes the "verifying the alias" case. Actually, while working on it, I realized that conceptually we were testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at the same time, and actually not in the proper way. I think it's fair to assume that overwriting the curve name for an existing group with `NID_undef` could lead to the unexpected behaviour we were observing and working around. Thus I decided to separate the lookup test in a dedicated simpler test that does what the documentation of `EC_GROUP_check_named_curve()` suggests: the lookup functionality is meant to find a name for a group generated with explicit parameters. In case an alternative alias is returned by the lookup instead of the expected nid, to avoid doing comparisons between `EC_GROUP`s with different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS` of the "alias group" and create a new explicit parameters group to use in `EC_GROUP_cmp()`. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) commit 8d4f150f70d70d6c3e62661ed7cc16c2f751d8a1 Author: Nicola Tuveri Date: Sun Mar 31 16:26:33 2019 +0300 EC_GROUP_set_curve() might fail for arbitrary params Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail for some `EC_GROUP`s, depending on the internal `EC_METHOD` implementation, hence the block of tests verifying that `EC_GROUP_check_named_curve()` fails when any of the curve parameters is changed is modified to run only if the previous `EC_GROUP_set_curve()` call succeeds. `ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the thread error stack with unrelated errors happened during `EC_GROUP_set_curve()`. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) commit 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38 Author: Shane Lontis Date: Thu Mar 21 20:09:02 2019 +1000 added code to validate EC named curve parameters Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) ----------------------------------------------------------------------- Summary of changes: apps/ecparam.c | 19 ++- crypto/ec/ec_check.c | 17 ++- crypto/ec/ec_curve.c | 123 ++++++++++++++++++- crypto/ec/ec_lcl.h | 13 +-- crypto/ec/ec_lib.c | 45 ++++--- doc/man1/ecparam.pod | 6 + doc/man3/EC_GROUP_copy.pod | 22 +++- include/openssl/ec.h | 1 + test/ectest.c | 259 +++++++++++++++++++++++++++++++++++++++++ test/recipes/15-test_ecparam.t | 10 +- util/libcrypto.num | 1 + 11 files changed, 486 insertions(+), 30 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c index 24fda04..0c893a3 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -30,7 +30,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, - OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, + OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED, OPT_R_ENUM } OPTION_CHOICE; @@ -43,6 +43,8 @@ const OPTIONS ecparam_options[] = { {"text", OPT_TEXT, '-', "Print the ec parameters in text form"}, {"C", OPT_C, '-', "Print a 'C' function creating the parameters"}, {"check", OPT_CHECK, '-', "Validate the ec parameters"}, + {"check_named", OPT_CHECK_NAMED, '-', + "Check that named EC curve parameters have not been modified"}, {"list_curves", OPT_LIST_CURVES, '-', "Prints a list of all curve 'short names'"}, {"no_seed", OPT_NO_SEED, '-', @@ -90,7 +92,7 @@ int ecparam_main(int argc, char **argv) int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; int ret = 1, private = 0; int list_curves = 0, no_seed = 0, check = 0, new_form = 0; - int text = 0, i, genkey = 0; + int text = 0, i, genkey = 0, check_named = 0; prog = opt_init(argc, argv, ecparam_options); while ((o = opt_next()) != OPT_EOF) { @@ -127,6 +129,9 @@ int ecparam_main(int argc, char **argv) case OPT_CHECK: check = 1; break; + case OPT_CHECK_NAMED: + check_named = 1; + break; case OPT_LIST_CURVES: list_curves = 1; break; @@ -266,6 +271,16 @@ int ecparam_main(int argc, char **argv) goto end; } + if (check_named) { + BIO_printf(bio_err, "validating named elliptic curve parameters: "); + if (EC_GROUP_check_named_curve(group, 0) <= 0) { + BIO_printf(bio_err, "failed\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err, "ok\n"); + } + if (check) { BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 322d0fe..097d7e1 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,16 @@ #include "ec_lcl.h" #include +int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only) +{ + int nid; + + nid = ec_curve_nid_from_params(group); + if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL) + nid = NID_undef; + return nid; +} + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) { int ret = 0; @@ -17,6 +27,11 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) BN_CTX *new_ctx = NULL; EC_POINT *point = NULL; + if (group == NULL || group->meth == NULL) { + ECerr(EC_F_EC_GROUP_CHECK, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* Custom curves assumed to be correct */ if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0) return 1; diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 641cf3f..6c7c9dd 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -14,6 +14,7 @@ #include #include #include "internal/nelem.h" +#include "internal/o_str.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or @@ -1136,6 +1137,7 @@ static const struct { }, { /* no seed */ + /* p */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, @@ -1209,6 +1211,7 @@ static const struct { }, { /* no seed */ + /* p */ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, @@ -1244,6 +1247,7 @@ static const struct { }, { /* no seed */ + /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1, @@ -1278,7 +1282,7 @@ static const struct { NID_X9_62_characteristic_two_field, 20, 36, 2 }, { - /* no seed */ + /* seed */ 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE, /* p */ @@ -3197,3 +3201,120 @@ int EC_curve_nist2nid(const char *name) } return NID_undef; } + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ec_curve_nid_from_params(const EC_GROUP *group) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const EC_METHOD *meth; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + BN_CTX *ctx = NULL; + + meth = EC_GROUP_method_of(group); + if (meth == NULL) + return -1; + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_METHOD_get_field_type(meth); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + ctx = BN_CTX_new(); + if (ctx == NULL) + return -1; + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && OPENSSL_memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && OPENSSL_memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 6b90ef3..c54789b 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -309,13 +309,10 @@ struct ec_point_st { static ossl_inline int ec_point_is_compat(const EC_POINT *point, const EC_GROUP *group) { - if (group->meth != point->meth - || (group->curve_name != 0 - && point->curve_name != 0 - && group->curve_name != point->curve_name)) - return 0; - - return 1; + return group->meth == point->meth + && (group->curve_name == 0 + || point->curve_name == 0 + || group->curve_name == point->curve_name); } NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); @@ -595,6 +592,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey); int ec_key_simple_generate_public_key(EC_KEY *eckey); int ec_key_simple_check_key(const EC_KEY *eckey); +int ec_curve_nid_from_params(const EC_GROUP *group); + /* EC_METHOD definitions */ struct ec_key_method_st { diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 798382a..762cac4 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -284,15 +284,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, if (order != NULL) { if (!BN_copy(group->order, order)) return 0; - } else + } else { BN_zero(group->order); + } + /* The cofactor is an optional field, so it should be able to be NULL. */ if (cofactor != NULL) { if (!BN_copy(group->cofactor, cofactor)) return 0; - } else + } else { BN_zero(group->cofactor); - + } /* * Some groups have an order with * factors of two, which makes the Montgomery setup fail. @@ -530,30 +532,43 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) !b->meth->group_get_curve(b, b1, b2, b3, ctx)) r = 1; - if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + /* return 1 if the curve parameters are different */ + if (r || BN_cmp(a1, b1) != 0 || BN_cmp(a2, b2) != 0 || BN_cmp(a3, b3) != 0) r = 1; /* XXX EC_POINT_cmp() assumes that the methods are equal */ + /* return 1 if the generators are different */ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), - EC_GROUP_get0_generator(b), ctx)) + EC_GROUP_get0_generator(b), ctx) != 0) r = 1; if (!r) { const BIGNUM *ao, *bo, *ac, *bc; - /* compare the order and cofactor */ + /* compare the orders */ ao = EC_GROUP_get0_order(a); bo = EC_GROUP_get0_order(b); - ac = EC_GROUP_get0_cofactor(a); - bc = EC_GROUP_get0_cofactor(b); if (ao == NULL || bo == NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx_new); - return -1; + /* return an error if either order is NULL */ + r = -1; + goto end; + } + if (BN_cmp(ao, bo) != 0) { + /* return 1 if orders are different */ + r = 1; + goto end; } - if (BN_cmp(ao, bo) || BN_cmp(ac, bc)) + /* + * It gets here if the curve parameters and generator matched. + * Now check the optional cofactors (if both are present). + */ + ac = EC_GROUP_get0_cofactor(a); + bc = EC_GROUP_get0_cofactor(b); + /* Returns 1 (mismatch) if both cofactors are specified and different */ + if (!BN_is_zero(ac) && !BN_is_zero(bc) && BN_cmp(ac, bc) != 0) r = 1; + /* Returns 0 if the parameters matched */ } - +end: BN_CTX_end(ctx); BN_CTX_free(ctx_new); @@ -622,8 +637,8 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) } if (dest->meth != src->meth || (dest->curve_name != src->curve_name - && dest->curve_name != 0 - && src->curve_name != 0)) { + && dest->curve_name != 0 + && src->curve_name != 0)) { ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/doc/man1/ecparam.pod b/doc/man1/ecparam.pod index ed39788..fac930e 100644 --- a/doc/man1/ecparam.pod +++ b/doc/man1/ecparam.pod @@ -17,6 +17,7 @@ B [B<-text>] [B<-C>] [B<-check>] +[B<-check_named>] [B<-name arg>] [B<-list_curves>] [B<-conv_form arg>] @@ -79,6 +80,11 @@ be loaded by calling the get_ec_group_XXX() function. Validate the elliptic curve parameters. +=item B<-check_named> + +Validate the elliptic name curve parameters by checking if the curve parameters +match any built-in curves. + =item B<-name arg> Use the EC parameters with the specified 'short' name. Use B<-list_curves> diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index 3f7108d..b62eaa9 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -9,7 +9,8 @@ EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, -EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, +EC_GROUP_check, EC_GROUP_check_named_curve, +EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field - Functions for manipulating EC_GROUP objects @@ -50,6 +51,7 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field int EC_GROUP_get_degree(const EC_GROUP *group); int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only); int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); @@ -128,7 +130,7 @@ in that a parameter obtained in this way is highly unlikely to be susceptible to If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the -builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use this seed value, although it will be preserved in any ASN1 based communications. @@ -143,6 +145,14 @@ The function EC_GROUP_check performs a number of checks on a curve to verify tha verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has the correct order. +The function EC_GROUP_check_named_curve determines if the group's domain parameters match one of the built-in curves supported by the library. +The curve name is returned as a B if it matches. If the group's domain parameters have been modified then no match will be found. +If the curve name of the given group is B (e.g. it has been created by using explicit parameters with no curve name), +then this method can be used to lookup the name of the curve that matches the group domain parameters. The built-in curves contain +aliases, so that multiple NID's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +returned if the curve name of the given group is NID_undef. +If B is 1 it will only look for NIST approved curves, otherwise it searches all built-in curves. + EC_GROUP_cmp compares B and B to determine whether they represent the same curve or not. The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves @@ -175,6 +185,8 @@ EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. +EC_GROUP_check_named_curve() returns the nid of the matching named curve, otherwise it returns 0 for no match, or -1 on error. + EC_GROUP_get0_order() returns an internal pointer to the group order. EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. @@ -198,9 +210,13 @@ L, L, L, L, L, L, L +=head1 HISTORY + +The EC_GROUP_check_named_curve() function was added in OpenSSL 3.0. + =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 8d4d1b1..af559cb 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -422,6 +422,7 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); const char *EC_curve_nid2nist(int nid); int EC_curve_nist2nid(const char *name); +int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only); /********************************************************************/ /* EC_POINT functions */ diff --git a/test/ectest.c b/test/ectest.c index 59c7e99..7236b43 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -8,6 +8,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "internal/nelem.h" #include "testutil.h" @@ -1556,6 +1557,262 @@ static const unsigned char p521_explicit[] = { 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, }; +/* + * This test validates a named curve's group parameters using + * EC_GROUP_check_named_curve(). It also checks that modifying any of the + * group parameters results in the curve not being valid. + */ +static int check_named_curve_test(int id) +{ + int ret = 0, nid, field_nid, has_seed; + EC_GROUP *group = NULL, *gtest = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL; + BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_order = NULL; + const BIGNUM *group_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(bn_ctx = BN_CTX_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(gtest = EC_GROUP_dup(group)) + || !TEST_ptr(group_p = BN_new()) + || !TEST_ptr(group_a = BN_new()) + || !TEST_ptr(group_b = BN_new()) + || !TEST_ptr(group_cofactor = BN_new()) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_ptr(other_order = BN_dup(group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_ptr(other_a = BN_dup(group_a)) + || !TEST_true(BN_add_word(other_a, 1)) + || !TEST_ptr(other_b = BN_dup(group_b)) + || !TEST_true(BN_add_word(other_b, 1)) + || !TEST_ptr(other_cofactor = BN_dup(group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + /* Determine if the built-in curve has a seed field set */ + has_seed = (EC_GROUP_get_seed_len(group) > 0); + field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + if (field_nid == NID_X9_62_characteristic_two_field) { + if (!TEST_ptr(other_p = BN_dup(group_p)) + || !TEST_true(BN_lshift1(other_p, other_p))) + goto err; + } else { + if (!TEST_ptr(other_p = BN_dup(group_p))) + goto err; + /* + * Just choosing any arbitrary prime does not work.. + * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a + * nist prime. So only select one of these as an alternate prime. + */ + if (!TEST_ptr(BN_copy(other_p, + BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? + BN_get0_nist_prime_256() : + BN_get0_nist_prime_192()))) + goto err; + } + + /* Passes because this is a valid curve */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid) + /* Only NIST curves pass */ + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1), + EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) + goto err; + + /* Fail if the curve name doesn't match the parameters */ + EC_GROUP_set_curve_name(group, nid + 1); + ERR_set_mark(); + if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0), 0)) + goto err; + ERR_pop_to_mark(); + + /* Restore curve name and ensure it's passing */ + EC_GROUP_set_curve_name(group, nid); + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid)) + goto err; + + if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len), + invalid_seed_len)) + goto err; + + if (has_seed) { + /* + * If the built-in curve has a seed and we set the seed to another value + * then it will fail the check. + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), 0)) + goto err; + } else { + /* + * If the built-in curve does not have a seed then setting the seed will + * pass the check (as the seed is optional). + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid)) + goto err; + } + /* Pass if the seed is unknown (as it is optional) */ + if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1) + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid)) + goto err; + + /* Check that a duped group passes */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid)) + goto err; + + /* check that changing any generator parameter fails */ + if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0) + /* The order is not an optional field, so this should fail */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL, + group_cofactor)) + || !TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + other_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0) + /* Check that if the cofactor is not set then it still passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid)) + goto err; + + /* + * check that changing any curve parameter fails + * + * Setting arbitrary p, a or b might fail for some EC_GROUPs + * depending on the internal EC_METHOD implementation, hence run + * these tests conditionally to the success of EC_GROUP_set_curve(). + */ + ERR_set_mark(); + if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + ERR_pop_to_mark(); + + /* Check that restoring the curve parameters passes */ + if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid)) + goto err; + + ret = 1; +err: + BN_free(group_p); + BN_free(other_p); + BN_free(group_a); + BN_free(other_a); + BN_free(group_b); + BN_free(other_b); + BN_free(group_cofactor); + BN_free(other_cofactor); + BN_free(other_order); + EC_POINT_free(other_gen); + EC_GROUP_free(gtest); + EC_GROUP_free(group); + BN_CTX_free(bn_ctx); + return ret; +} + +/* + * This checks the lookup capability of EC_GROUP_check_named_curve() + * when the given group was created with explicit parameters. + * + * It is possible to retrieve an alternative alias that does not match + * the original nid in this case. + */ +static int check_named_curve_lookup_test(int id) +{ + int ret = 0, nid, rv = 0; + EC_GROUP *g = NULL , *ga = NULL; + ECPARAMETERS *p = NULL, *pa = NULL; + BN_CTX *ctx = NULL; + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL))) + goto err; + + /* replace with group from explicit parameters */ + EC_GROUP_free(g); + if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p))) + goto err; + + if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0), 0)) + goto err; + if (rv != nid) { + /* + * Found an alias: + * fail if the returned nid is not an alias of the original group. + * + * The comparison here is done by comparing two explicit + * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the + * comparison happens with unnamed EC_GROUPs using the same + * EC_METHODs. + */ + if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv)) + || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) + goto err; + + /* replace with group from explicit parameters, then compare */ + EC_GROUP_free(ga); + if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa)) + || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) + goto err; + } + + ret = 1; + + err: + EC_GROUP_free(g); + EC_GROUP_free(ga); + ECPARAMETERS_free(p); + ECPARAMETERS_free(pa); + BN_CTX_free(ctx); + + return ret; +} + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; @@ -1621,6 +1878,8 @@ int setup_tests(void) ADD_ALL_TESTS(internal_curve_test, crv_len); ADD_ALL_TESTS(internal_curve_test_method, crv_len); ADD_TEST(group_field_test); + ADD_ALL_TESTS(check_named_curve_test, crv_len); + ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); #endif return 1; } diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t index 1d0b59c..ee14775 100644 --- a/test/recipes/15-test_ecparam.t +++ b/test/recipes/15-test_ecparam.t @@ -23,12 +23,20 @@ plan skip_all => "EC isn't supported in this build" my @valid = glob(data_file("valid", "*.pem")); my @invalid = glob(data_file("invalid", "*.pem")); -plan tests => scalar @valid + scalar @invalid; +plan tests => scalar @valid + scalar @invalid + scalar @valid + scalar @invalid; foreach (@valid) { ok(run(app([qw{openssl ecparam -noout -check -in}, $_]))); } +foreach (@valid) { + ok(run(app([qw{openssl ecparam -noout -check_named -in}, $_]))); +} + foreach (@invalid) { ok(!run(app([qw{openssl ecparam -noout -check -in}, $_]))); } + +foreach (@invalid) { + ok(!run(app([qw{openssl ecparam -noout -check_named -in}, $_]))); +} diff --git a/util/libcrypto.num b/util/libcrypto.num index 9569bf4..3704a63 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4795,3 +4795,4 @@ EVP_MD_upref 4742 3_0_0 EXIST::FUNCTION: EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION: EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION: OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION: +EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC From builds at travis-ci.org Thu Apr 11 09:42:09 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 11 Apr 2019 09:42:09 +0000 Subject: Still Failing: openssl/openssl#24697 (master - 37f03b9) In-Reply-To: Message-ID: <5caf0bf197da0_43fb5d9f132a817035c@34ce9e77-6e96-47de-8106-86e42b7c6fd2.mail> Build Update for openssl/openssl ------------------------------------- Build: #24697 Status: Still Failing Duration: 22 mins and 41 secs Commit: 37f03b9 (master) Author: Shane Lontis Message: doc fixups Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8555) View the changeset: https://github.com/openssl/openssl/compare/4660bdea07e1...37f03b9881a4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518678868?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 11 10:10:27 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Apr 2019 10:10:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1554977427.260733.31382.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 491360e7ab Avoid creating invalid rsa pss params ee215c7eea Fix typos dcb982d792 EVP_*Update: ensure that input NULL with length 0 isn't passed Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12844: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Thu Apr 11 13:50:50 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Apr 2019 13:50:50 +0000 Subject: Build failed: openssl master.24104 Message-ID: <20190411135050.1.5C9F2CD429171726@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 11 14:08:09 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Apr 2019 14:08:09 +0000 Subject: Build failed: openssl master.24105 Message-ID: <20190411140809.1.E50A30D72FD8781F@appveyor.com> An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Thu Apr 11 14:18:14 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Thu, 11 Apr 2019 14:18:14 +0000 Subject: [openssl] master update Message-ID: <1554992294.488806.18075.nullmailer@dev.openssl.org> The branch master has been updated via 5173cdde7d758824e6a07f2a6c6808b254602e11 (commit) from 37f03b9881a4ffa52b0059ae444be3c416cf2a5f (commit) - Log ----------------------------------------------------------------- commit 5173cdde7d758824e6a07f2a6c6808b254602e11 Author: Shane Lontis Date: Sat Mar 23 13:12:08 2019 +1000 ec key validation checks updated Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8564) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_key.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++-------- test/ectest.c | 57 ++++++++++++++++++++++++++++++++-- 2 files changed, 132 insertions(+), 14 deletions(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 416c0e0..76aea4f 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -298,6 +298,58 @@ int EC_KEY_check_key(const EC_KEY *eckey) return eckey->group->meth->keycheck(eckey); } +/* + * Check the range of the EC public key. + * See SP800-56A R3 Section 5.6.2.3.3 (Part 2) + * i.e. + * - If q = odd prime p: Verify that xQ and yQ are integers in the + * interval[0, p ? 1], OR + * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits. + * Returns 1 if the public key has a valid range, otherwise it returns 0. + */ +static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key) +{ + int ret = 0; + BIGNUM *x, *y; + + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) + goto err; + + if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx)) + goto err; + + if (EC_METHOD_get_field_type(key->group->meth) == NID_X9_62_prime_field) { + if (BN_is_negative(x) + || BN_cmp(x, key->group->field) >= 0 + || BN_is_negative(y) + || BN_cmp(y, key->group->field) >= 0) { + goto err; + } + } else { + int m = EC_GROUP_get_degree(key->group); + if (BN_num_bits(x) > m || BN_num_bits(y) > m) { + goto err; + } + } + ret = 1; +err: + BN_CTX_end(ctx); + return ret; +} + +/* + * ECC Key validation as specified in SP800-56A R3. + * Section 5.6.2.3.3 ECC Full Public-Key Validation + * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity + * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency + * NOTES: + * Before calling this method in fips mode, there should be an assurance that + * an approved elliptic-curve group is used. + * Returns 1 if the key is valid, otherwise it returns 0. + */ int ec_key_simple_check_key(const EC_KEY *eckey) { int ok = 0; @@ -310,6 +362,7 @@ int ec_key_simple_check_key(const EC_KEY *eckey) return 0; } + /* 5.6.2.3.3 (Step 1): Q != infinity */ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY); goto err; @@ -317,20 +370,28 @@ int ec_key_simple_check_key(const EC_KEY *eckey) if ((ctx = BN_CTX_new()) == NULL) goto err; + if ((point = EC_POINT_new(eckey->group)) == NULL) goto err; - /* testing whether the pub_key is on the elliptic curve */ + /* 5.6.2.3.3 (Step 2) Test if the public key is in range */ + if (!ec_key_public_range_check(ctx, eckey)) { + ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + + /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } - /* testing whether pub_key * order is the point at infinity */ + order = eckey->group->order; if (BN_is_zero(order)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); goto err; } + /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */ if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); goto err; @@ -339,15 +400,21 @@ int ec_key_simple_check_key(const EC_KEY *eckey) ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); goto err; } - /* - * in case the priv_key is present : check if generator * priv_key == - * pub_key - */ + if (eckey->priv_key != NULL) { - if (BN_cmp(eckey->priv_key, order) >= 0) { + /* + * 5.6.2.1.2 Owner Assurance of Private-Key Validity + * The private key is in the range [1, order-1] + */ + if (BN_cmp(eckey->priv_key, BN_value_one()) < 0 + || BN_cmp(eckey->priv_key, order) >= 0) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); goto err; } + /* + * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b) + * Check if generator * priv_key = pub_key + */ if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); @@ -399,12 +466,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, goto err; /* - * Check if retrieved coordinates match originals and are less than field - * order: if not values are out of range. + * Check if retrieved coordinates match originals. The range check is done + * inside EC_KEY_check_key(). */ - if (BN_cmp(x, tx) || BN_cmp(y, ty) - || (BN_cmp(x, key->group->field) >= 0) - || (BN_cmp(y, key->group->field) >= 0)) { + if (BN_cmp(x, tx) || BN_cmp(y, ty)) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, EC_R_COORDINATES_OUT_OF_RANGE); goto err; diff --git a/test/ectest.c b/test/ectest.c index 7236b43..ab75ace 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1855,7 +1855,59 @@ err: OPENSSL_free(buf); return r; } -#endif + +static int check_ec_key_field_public_range_test(int id) +{ + int ret = 0, type = 0; + const EC_POINT *pub = NULL; + const EC_GROUP *group = NULL; + const EC_METHOD *meth = NULL; + const BIGNUM *field = NULL; + BIGNUM *x = NULL, *y = NULL; + EC_KEY *key = NULL; + + if (!(TEST_ptr(x = BN_new()) + && TEST_ptr(y = BN_new()) + && TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + && TEST_ptr(group = EC_KEY_get0_group(key)) + && TEST_ptr(meth = EC_GROUP_method_of(group)) + && TEST_ptr(field = EC_GROUP_get0_field(group)) + && TEST_int_gt(EC_KEY_generate_key(key), 0) + && TEST_int_gt(EC_KEY_check_key(key), 0) + && TEST_ptr(pub = EC_KEY_get0_public_key(key)) + && TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), 0))) + goto err; + + /* + * Make the public point out of range by adding the field (which will still + * be the same point on the curve). The add is different for char2 fields. + */ + type = EC_METHOD_get_field_type(meth); + if (type == NID_X9_62_characteristic_two_field) { + /* test for binary curves */ + if (!TEST_true(BN_GF2m_add(x, x, field))) + goto err; + } else if (type == NID_X9_62_prime_field) { + /* test for prime curves */ + if (!TEST_true(BN_add(x, x, field))) + goto err; + } else { + /* this should never happen */ + TEST_error("Unsupported EC_METHOD field_type"); + goto err; + } + if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0)) + goto err; + + ret = 1; +err: + BN_free(x); + BN_free(y); + EC_KEY_free(key); + return ret; +} +#endif /* OPENSSL_NO_EC */ int setup_tests(void) { @@ -1880,7 +1932,8 @@ int setup_tests(void) ADD_TEST(group_field_test); ADD_ALL_TESTS(check_named_curve_test, crv_len); ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); -#endif + ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); +#endif /* OPENSSL_NO_EC */ return 1; } From builds at travis-ci.org Thu Apr 11 14:38:54 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 11 Apr 2019 14:38:54 +0000 Subject: Still Failing: openssl/openssl#24701 (master - 5173cdd) In-Reply-To: Message-ID: <5caf517db8eab_43fa80f5ef078188961@a8cc983e-7610-4277-a065-a1e20e2c0fe1.mail> Build Update for openssl/openssl ------------------------------------- Build: #24701 Status: Still Failing Duration: 20 mins and 5 secs Commit: 5173cdd (master) Author: Shane Lontis Message: ec key validation checks updated Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8564) View the changeset: https://github.com/openssl/openssl/compare/37f03b9881a4...5173cdde7d75 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/518795619?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 11 15:30:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Apr 2019 15:30:43 +0000 Subject: Build completed: openssl master.24106 Message-ID: <20190411153043.1.B09DF15B2ED2F6C5@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 11 22:19:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Apr 2019 22:19:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1555021160.395826.20917.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 5173cdde7d ec key validation checks updated 37f03b9881 doc fixups ac2b52c6ad Separate the lookup test 8d4f150f70 EC_GROUP_set_curve() might fail for arbitrary params 8402cd5f75 added code to validate EC named curve parameters 4660bdea07 Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) 6c7d80ab3b Reseeding without derivation function is not supported in FIPS mode. 3a86f1db28 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:204: undefined reference to `__asan_memset' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_unregister_globals' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Fri Apr 12 01:16:21 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Apr 2019 01:16:21 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555031781.578959.9532.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 5173cdde7d ec key validation checks updated 37f03b9881 doc fixups ac2b52c6ad Separate the lookup test 8d4f150f70 EC_GROUP_set_curve() might fail for arbitrary params 8402cd5f75 added code to validate EC named curve parameters 4660bdea07 Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) 6c7d80ab3b Reseeding without derivation function is not supported in FIPS mode. 3a86f1db28 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl dtls1 > test/buildtest_dtls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Fri Apr 12 04:32:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Apr 2019 04:32:14 +0000 Subject: Build failed: openssl master.24114 Message-ID: <20190412043214.1.C8921197B292A836@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 12 05:00:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Apr 2019 05:00:34 +0000 Subject: Build completed: openssl master.24115 Message-ID: <20190412050034.1.62924307C30AB7AE@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 12 05:17:02 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Apr 2019 05:17:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555046222.879718.22322.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 5173cdde7d ec key validation checks updated 37f03b9881 doc fixups ac2b52c6ad Separate the lookup test 8d4f150f70 EC_GROUP_set_curve() might fail for arbitrary params 8402cd5f75 added code to validate EC named curve parameters 4660bdea07 Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) 6c7d80ab3b Reseeding without derivation function is not supported in FIPS mode. 3a86f1db28 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Fri Apr 12 08:16:48 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 12 Apr 2019 08:16:48 +0000 Subject: [openssl] master update Message-ID: <1555057008.858907.16022.nullmailer@dev.openssl.org> The branch master has been updated via 65175163247fe0f56c894c9ac7baf93f4386cebe (commit) from 5173cdde7d758824e6a07f2a6c6808b254602e11 (commit) - Log ----------------------------------------------------------------- commit 65175163247fe0f56c894c9ac7baf93f4386cebe Author: Pauli Date: Fri Apr 12 18:16:20 2019 +1000 Add prediction resistance capability to the DRBG reseeding process. Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l" This requires the seed sources to be approved as entropy sources, after which they should be considered live sources as per section 5.3.2 "Live Entropy Source Availability." Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8647) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++ crypto/rand/rand_lib.c | 12 ------ doc/man3/RAND_DRBG_generate.pod | 14 ++++--- doc/man3/RAND_DRBG_reseed.pod | 14 ++++++- doc/man3/RAND_DRBG_set_callbacks.pod | 9 ++--- doc/man7/RAND_DRBG.pod | 7 ++-- test/drbgtest.c | 78 ++++++++++++++++++++++++++++++++++++ 7 files changed, 110 insertions(+), 28 deletions(-) diff --git a/CHANGES b/CHANGES index e70e42b..11c80b7 100644 --- a/CHANGES +++ b/CHANGES @@ -9,8 +9,12 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Add prediction resistance to the DRBG reseeding process. + [Paul Dale] + *) Limit the number of blocks in a data unit for AES-XTS to 2^20 as mandated by IEEE Std 1619-2018. + [Paul Dale] *) Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index a298b75..2b77960 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -183,17 +183,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } } else { - if (prediction_resistance) { - /* - * We don't have any entropy sources that comply with the NIST - * standard to provide prediction resistance (see NIST SP 800-90C, - * Section 5.4). - */ - RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, - RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED); - goto err; - } - /* Get entropy by polling system entropy sources. */ entropy_available = rand_pool_acquire_entropy(pool); } @@ -203,7 +192,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, *pout = rand_pool_detach(pool); } - err: if (drbg->seed_pool == NULL) rand_pool_free(pool); return ret; diff --git a/doc/man3/RAND_DRBG_generate.pod b/doc/man3/RAND_DRBG_generate.pod index 0066c86..09903f8 100644 --- a/doc/man3/RAND_DRBG_generate.pod +++ b/doc/man3/RAND_DRBG_generate.pod @@ -29,7 +29,9 @@ number of generate requests (I) or the maximum timespan (I) since its last seeding have been reached. If this is the case, the DRBG reseeds automatically. Additionally, an immediate reseeding can be requested by setting the -B flag to 1. See NOTES section for more details. +B flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details. The caller can optionally provide additional data to be used for reseeding by passing a pointer B to a buffer of length B. @@ -59,16 +61,16 @@ If necessary, they can be changed using L and L, respectively. A request for prediction resistance can only be satisfied by pulling fresh -entropy from one of the approved entropy sources listed in section 5.5.2 of -[NIST SP 800-90C]. -Since the default DRBG implementation does not have access to such an approved -entropy source, a request for prediction resistance will always fail. -In other words, prediction resistance is currently not supported yet by the DRBG. +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. =head1 HISTORY The RAND_DRBG functions were added in OpenSSL 1.1.1. +Prediction resistance is supported from OpenSSL 3.0.0. + =head1 SEE ALSO L, diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index ca08a39..c4d2671 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -13,7 +13,8 @@ RAND_DRBG_set_reseed_defaults #include int RAND_DRBG_reseed(RAND_DRBG *drbg, - const unsigned char *adin, size_t adinlen); + const unsigned char *adin, size_t adinlen, + int prediction_resistance); int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); @@ -37,6 +38,10 @@ and mixing in the specified additional data provided in the buffer B of length B. The additional data can be omitted by setting B to NULL and B to 0. +An immediate reseeding can be requested by setting the +B flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details. RAND_DRBG_set_reseed_interval() sets the reseed interval of the B, which is the maximum allowed number @@ -88,10 +93,17 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. + =head1 HISTORY The RAND_DRBG functions were added in OpenSSL 1.1.1. +Prediction resistance is supported from OpenSSL 3.0.0. + =head1 SEE ALSO L, diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 9a1d157..4734b07 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -104,12 +104,9 @@ contents safely before freeing it, in order not to leave sensitive information about the DRBG's state in memory. A request for prediction resistance can only be satisfied by pulling fresh -entropy from one of the approved entropy sources listed in section 5.5.2 of -[NIST SP 800-90C]. -Since the default implementation of the get_entropy callback does not have access -to such an approved entropy source, a request for prediction resistance will -always fail. -In other words, prediction resistance is currently not supported yet by the DRBG. +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. The derivation function is disabled during initialization by calling the RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod index f3fa605..48d4ace 100644 --- a/doc/man7/RAND_DRBG.pod +++ b/doc/man7/RAND_DRBG.pod @@ -192,9 +192,10 @@ I parameter to 1 when calling L. The document [NIST SP 800-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. -Since the default DRBG implementation does not have access to such an approved -entropy source, a request for prediction resistance will currently always fail. -In other words, prediction resistance is currently not supported yet by the DRBG. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. For the three shared DRBGs (and only for these) there is another way to diff --git a/test/drbgtest.c b/test/drbgtest.c index ca45a8f..bf4c723 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1012,6 +1012,83 @@ static int test_rand_add(void) return 1; } +static int test_rand_drbg_prediction_resistance(void) +{ + RAND_DRBG *m = NULL, *i = NULL, *s = NULL; + unsigned char buf1[51], buf2[sizeof(buf1)]; + int ret = 0, mreseed, ireseed, sreseed; + + /* Initialise a three long DRBG chain */ + if (!TEST_ptr(m = RAND_DRBG_new(0, 0, NULL)) + || !TEST_true(disable_crngt(m)) + || !TEST_true(RAND_DRBG_instantiate(m, NULL, 0)) + || !TEST_ptr(i = RAND_DRBG_new(0, 0, m)) + || !TEST_true(RAND_DRBG_instantiate(i, NULL, 0)) + || !TEST_ptr(s = RAND_DRBG_new(0, 0, i)) + || !TEST_true(RAND_DRBG_instantiate(s, NULL, 0))) + goto err; + + /* During a normal reseed, only the slave DRBG should be reseed */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* + * When prediction resistance is requested, the request should be + * propagated to the master, so that the entire DRBG chain reseeds. + */ + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 1)) + || !TEST_int_gt(m->reseed_prop_counter, mreseed) + || !TEST_int_gt(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* During a normal generate, only the slave DRBG should be reseed */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_generate(s, buf1, sizeof(buf1), 0, NULL, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* + * When a prediction resistant generate is requested, the request + * should be propagated to the master, reseeding the entire DRBG chain. + */ + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_generate(s, buf2, sizeof(buf2), 1, NULL, 0)) + || !TEST_int_gt(m->reseed_prop_counter, mreseed) + || !TEST_int_gt(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed) + || !TEST_mem_ne(buf1, sizeof(buf1), buf2, sizeof(buf2))) + goto err; + + /* Verify that a normal reseed still only reseeds the slave DRBG */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + ret = 1; +err: + RAND_DRBG_free(s); + RAND_DRBG_free(i); + RAND_DRBG_free(m); + return ret; +} + static int test_multi_set(void) { int rv = 0; @@ -1252,6 +1329,7 @@ int setup_tests(void) ADD_TEST(test_rand_drbg_reseed); ADD_TEST(test_rand_seed); ADD_TEST(test_rand_add); + ADD_TEST(test_rand_drbg_prediction_resistance); ADD_TEST(test_multi_set); ADD_TEST(test_set_defaults); #if defined(OPENSSL_THREADS) From builds at travis-ci.org Fri Apr 12 08:47:38 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 12 Apr 2019 08:47:38 +0000 Subject: Still Failing: openssl/openssl#24714 (master - 6517516) In-Reply-To: Message-ID: <5cb050a9e93bf_43f84860beb2826144b@70c79465-d191-4b5f-9538-759b7d2bae02.mail> Build Update for openssl/openssl ------------------------------------- Build: #24714 Status: Still Failing Duration: 26 mins and 35 secs Commit: 6517516 (master) Author: Pauli Message: Add prediction resistance capability to the DRBG reseeding process. Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l" This requires the seed sources to be approved as entropy sources, after which they should be considered live sources as per section 5.3.2 "Live Entropy Source Availability." Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8647) View the changeset: https://github.com/openssl/openssl/compare/5173cdde7d75...65175163247f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519141664?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 12 10:11:04 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Apr 2019 10:11:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1555063864.496520.8850.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 5173cdde7d ec key validation checks updated 37f03b9881 doc fixups ac2b52c6ad Separate the lookup test 8d4f150f70 EC_GROUP_set_curve() might fail for arbitrary params 8402cd5f75 added code to validate EC named curve parameters 4660bdea07 Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods. Used to check that a test fails in fips mode i.e. ok_nofips(run(...)) 6c7d80ab3b Reseeding without derivation function is not supported in FIPS mode. 3a86f1db28 Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12844: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From bernd.edlinger at hotmail.de Fri Apr 12 11:55:45 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 12 Apr 2019 11:55:45 +0000 Subject: [openssl] master update Message-ID: <1555070145.458889.12939.nullmailer@dev.openssl.org> The branch master has been updated via 9bba2c4c97a5fc5aea9e24223eebb85a15817e74 (commit) from 65175163247fe0f56c894c9ac7baf93f4386cebe (commit) - Log ----------------------------------------------------------------- commit 9bba2c4c97a5fc5aea9e24223eebb85a15817e74 Author: Bernd Edlinger Date: Wed Apr 10 22:44:41 2019 +0200 Add CMAC speed measurements usage: openssl speed -cmac aes128 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8721) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++--- doc/man1/speed.pod | 5 +++ 2 files changed, 90 insertions(+), 4 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 5674e32..e9ed8b5 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -57,6 +57,9 @@ # include #endif #include +#ifndef OPENSSL_NO_CMAC +#include +#endif #include #ifndef OPENSSL_NO_RMD160 # include @@ -300,7 +303,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, - OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD + OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC } OPTION_CHOICE; const OPTIONS speed_options[] = { @@ -309,6 +312,9 @@ const OPTIONS speed_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"}, +#ifndef OPENSSL_NO_CMAC + {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"}, +#endif {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, {"aead", OPT_AEAD, '-', @@ -371,6 +377,7 @@ const OPTIONS speed_options[] = { #define D_GHASH 29 #define D_RAND 30 #define D_EVP_HMAC 31 +#define D_EVP_CMAC 32 /* name of algorithms to test */ static const char *names[] = { @@ -381,7 +388,7 @@ static const char *names[] = { "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", "evp", "sha256", "sha512", "whirlpool", "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", - "rand", "hmac" + "rand", "hmac", "cmac" }; #define ALGOR_NUM OSSL_NELEM(names) @@ -629,6 +636,9 @@ typedef struct loopargs_st { #endif EVP_CIPHER_CTX *ctx; HMAC_CTX *hctx; +#ifndef OPENSSL_NO_CMAC + CMAC_CTX *cmac_ctx; +#endif GCM128_CONTEXT *gcm_ctx; } loopargs_t; static int run_benchmark(int async_jobs, int (*loop_function) (void *), @@ -1064,6 +1074,33 @@ static int EVP_HMAC_loop(void *args) return count; } +#ifndef OPENSSL_NO_CMAC +static const EVP_CIPHER *evp_cmac_cipher = NULL; +static char *evp_cmac_name = NULL; + +static int EVP_CMAC_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + CMAC_CTX *cmac_ctx = tempargs->cmac_ctx; + static const char key[16] = "This is a key..."; + unsigned char mac[16]; + size_t len = sizeof(mac); + int count; +#ifndef SIGALRM + int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + + for (count = 0; COND(nb_iter); count++) { + if (!CMAC_Init(cmac_ctx, key, sizeof(key), evp_cmac_cipher, NULL) + || !CMAC_Update(cmac_ctx, buf, lengths[testnum]) + || !CMAC_Final(cmac_ctx, mac, &len)) + return -1; + } + return count; +} +#endif + #ifndef OPENSSL_NO_RSA static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ @@ -1610,6 +1647,17 @@ int speed_main(int argc, char **argv) } doit[D_EVP_HMAC] = 1; break; + case OPT_CMAC: +#ifndef OPENSSL_NO_CMAC + evp_cmac_cipher = EVP_get_cipherbyname(opt_arg()); + if (evp_cmac_cipher == NULL) { + BIO_printf(bio_err, "%s: %s is an unknown cipher\n", + prog, opt_arg()); + goto end; + } + doit[D_EVP_CMAC] = 1; +#endif + break; case OPT_DECRYPT: decrypt = 1; break; @@ -1848,9 +1896,9 @@ int speed_main(int argc, char **argv) e = setup_engine(engine_id, 0); /* No parameters; turn on everything. */ - if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC]) { + if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { for (i = 0; i < ALGOR_NUM; i++) - if (i != D_EVP && i != D_EVP_HMAC) + if (i != D_EVP && i != D_EVP_HMAC && i != D_EVP_CMAC) doit[i] = 1; #ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) @@ -2719,6 +2767,36 @@ int speed_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_CMAC + if (doit[D_EVP_CMAC]) { + if (evp_cmac_cipher != NULL) { + const char *cipher_name = OBJ_nid2ln(EVP_CIPHER_type(evp_cmac_cipher)); + evp_cmac_name = app_malloc(sizeof("CMAC()") + strlen(cipher_name), + "CMAC name"); + sprintf(evp_cmac_name, "CMAC(%s)", cipher_name); + names[D_EVP_CMAC] = evp_cmac_name; + + for (i = 0; i < loopargs_len; i++) { + loopargs[i].cmac_ctx = CMAC_CTX_new(); + if (loopargs[i].cmac_ctx == NULL) { + BIO_printf(bio_err, "CMAC malloc failure, exiting..."); + exit(1); + } + } + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_EVP_CMAC], save_count, lengths[testnum], + seconds.sym); + Time_F(START); + count = run_benchmark(async_jobs, EVP_CMAC_loop, loopargs); + d = Time_F(STOP); + print_result(D_EVP_CMAC, testnum, count, d); + } + for (i = 0; i < loopargs_len; i++) + CMAC_CTX_free(loopargs[i].cmac_ctx); + } + } +#endif + for (i = 0; i < loopargs_len; i++) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; @@ -3418,6 +3496,9 @@ int speed_main(int argc, char **argv) #endif } OPENSSL_free(evp_hmac_name); +#ifndef OPENSSL_NO_CMAC + OPENSSL_free(evp_cmac_name); +#endif if (async_jobs > 0) { for (i = 0; i < loopargs_len; i++) diff --git a/doc/man1/speed.pod b/doc/man1/speed.pod index e164c61..1cb4494 100644 --- a/doc/man1/speed.pod +++ b/doc/man1/speed.pod @@ -13,6 +13,7 @@ B [B<-elapsed>] [B<-evp algo>] [B<-hmac algo>] +[B<-cmac algo>] [B<-decrypt>] [B<-rand file...>] [B<-writerand file>] @@ -60,6 +61,10 @@ aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation. Time the HMAC algorithm using the specified message digest. +=item B<-cmac cipher> + +Time the CMAC algorithm using the specified cipher e.g. B. + =item B<-decrypt> Time the decryption instead of encryption. Affects only the EVP testing. From builds at travis-ci.org Fri Apr 12 12:14:39 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 12 Apr 2019 12:14:39 +0000 Subject: Still Failing: openssl/openssl#24716 (master - 9bba2c4) In-Reply-To: Message-ID: <5cb0812f2cd88_43ff948cb26dc17414b@86985fe9-e481-4d2c-8c41-1eac9c10f67d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24716 Status: Still Failing Duration: 18 mins and 21 secs Commit: 9bba2c4 (master) Author: Bernd Edlinger Message: Add CMAC speed measurements usage: openssl speed -cmac aes128 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8721) View the changeset: https://github.com/openssl/openssl/compare/65175163247f...9bba2c4c97a5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519217793?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Apr 12 13:27:09 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Apr 2019 13:27:09 +0000 Subject: [openssl] master update Message-ID: <1555075629.174885.1908.nullmailer@dev.openssl.org> The branch master has been updated via fd367b4ce37d8f8353deb93fd7677ca636881d81 (commit) from 9bba2c4c97a5fc5aea9e24223eebb85a15817e74 (commit) - Log ----------------------------------------------------------------- commit fd367b4ce37d8f8353deb93fd7677ca636881d81 Author: Matt Caswell Date: Tue Apr 9 15:32:33 2019 +0100 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES Bi-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8710) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 +++++++++++ apps/speed.c | 10 +++++++++- crypto/aes/aes_ige.c | 14 ++++++++++++++ include/openssl/aes.h | 2 ++ test/igetest.c | 17 +++++++++++------ util/libcrypto.num | 4 ++-- 6 files changed, 49 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 11c80b7..164787c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been + deprecated. These undocumented functions were never integrated into the EVP + layer and implement the AES Infinite Garble Extension (IGE) mode and AES + Bi-directional IGE mode. These modes were never formally standardised and + usage of these functions is believed to be very small. In particular + AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one + is ever used. The security implications are believed to be minimal, but + this issue was never fixed for backwards compatibility reasons. New code + should not use these modes. + [Matt Caswell] + *) Add prediction resistance to the DRBG reseeding process. [Paul Dale] diff --git a/apps/speed.c b/apps/speed.c index e9ed8b5..72826f8 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -166,10 +166,12 @@ static int DES_ede3_cbc_encrypt_loop(void *args); #endif static int AES_cbc_128_encrypt_loop(void *args); static int AES_cbc_192_encrypt_loop(void *args); -static int AES_ige_128_encrypt_loop(void *args); static int AES_cbc_256_encrypt_loop(void *args); +#if !OPENSSL_API_3 +static int AES_ige_128_encrypt_loop(void *args); static int AES_ige_192_encrypt_loop(void *args); static int AES_ige_256_encrypt_loop(void *args); +#endif static int CRYPTO_gcm128_aad_loop(void *args); static int RAND_bytes_loop(void *args); static int EVP_Update_loop(void *args); @@ -428,9 +430,11 @@ static const OPT_PAIR doit_choices[] = { {"aes-128-cbc", D_CBC_128_AES}, {"aes-192-cbc", D_CBC_192_AES}, {"aes-256-cbc", D_CBC_256_AES}, +#if !OPENSSL_API_3 {"aes-128-ige", D_IGE_128_AES}, {"aes-192-ige", D_IGE_192_AES}, {"aes-256-ige", D_IGE_256_AES}, +#endif #ifndef OPENSSL_NO_RC2 {"rc2-cbc", D_CBC_RC2}, {"rc2", D_CBC_RC2}, @@ -869,6 +873,7 @@ static int AES_cbc_256_encrypt_loop(void *args) return count; } +#if !OPENSSL_API_3 static int AES_ige_128_encrypt_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -904,6 +909,7 @@ static int AES_ige_256_encrypt_loop(void *args) (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); return count; } +#endif static int CRYPTO_gcm128_aad_loop(void *args) { @@ -2429,6 +2435,7 @@ int speed_main(int argc, char **argv) } } +#if !OPENSSL_API_3 if (doit[D_IGE_128_AES]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum], @@ -2462,6 +2469,7 @@ int speed_main(int argc, char **argv) print_result(D_IGE_256_AES, testnum, count, d); } } +#endif if (doit[D_GHASH]) { for (i = 0; i < loopargs_len; i++) { loopargs[i].gcm_ctx = diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index e19922a..351c173 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -9,6 +9,10 @@ #include "internal/cryptlib.h" +#if OPENSSL_API_3 +NON_EMPTY_TRANSLATION_UNIT +#else + #include #include "aes_locl.h" @@ -34,6 +38,7 @@ typedef struct { /* N.B. The IV for this mode is _twice_ the block size */ +/* Use of this function is deprecated. */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, const int enc) @@ -162,6 +167,14 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, /* * Note that its effectively impossible to do biIGE in anything other * than a single pass, so no provision is made for chaining. + * + * NB: The implementation of AES_bi_ige_encrypt has a bug. It is supposed to use + * 2 AES keys, but in fact only one is ever used. This bug has been present + * since this code was first implemented. It is believed to have minimal + * security impact in practice and has therefore not been fixed for backwards + * compatibility reasons. + * + * Use of this function is deprecated. */ /* N.B. The IV for this mode is _four times_ the block size */ @@ -282,3 +295,4 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, } } } +#endif diff --git a/include/openssl/aes.h b/include/openssl/aes.h index e0e5ff3..060aa0f 100644 --- a/include/openssl/aes.h +++ b/include/openssl/aes.h @@ -67,6 +67,7 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num); +# if !OPENSSL_API_3 /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, @@ -76,6 +77,7 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, const int enc); +# endif int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, diff --git a/test/igetest.c b/test/igetest.c index 9cc551f..a4b8cfa 100644 --- a/test/igetest.c +++ b/test/igetest.c @@ -15,19 +15,21 @@ #include "internal/nelem.h" #include "testutil.h" -#define TEST_SIZE 128 -#define BIG_TEST_SIZE 10240 +#if !OPENSSL_API_3 -#if BIG_TEST_SIZE < TEST_SIZE -#error BIG_TEST_SIZE is smaller than TEST_SIZE -#endif +# define TEST_SIZE 128 +# define BIG_TEST_SIZE 10240 + +# if BIG_TEST_SIZE < TEST_SIZE +# error BIG_TEST_SIZE is smaller than TEST_SIZE +# endif static unsigned char rkey[16]; static unsigned char rkey2[16]; static unsigned char plaintext[BIG_TEST_SIZE]; static unsigned char saved_iv[AES_BLOCK_SIZE * 4]; -#define MAX_VECTOR_SIZE 64 +# define MAX_VECTOR_SIZE 64 struct ige_test { const unsigned char key[16]; @@ -432,9 +434,11 @@ static int test_bi_ige_garble3(void) /* Fail if there is more than 1% matching bytes */ return TEST_size_t_le(matches, sizeof(checktext) / 100); } +#endif int setup_tests(void) { +#if !OPENSSL_API_3 RAND_bytes(rkey, sizeof(rkey)); RAND_bytes(rkey2, sizeof(rkey2)); RAND_bytes(plaintext, sizeof(plaintext)); @@ -450,5 +454,6 @@ int setup_tests(void) ADD_TEST(test_bi_ige_garble3); ADD_ALL_TESTS(test_ige_vectors, OSSL_NELEM(ige_test_vectors)); ADD_ALL_TESTS(test_bi_ige_vectors, OSSL_NELEM(bi_ige_test_vectors)); +#endif return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 3704a63..c14523e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -684,7 +684,7 @@ PKCS7_SIGNER_INFO_it 683 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION: PKCS7_SIGNER_INFO_it 683 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_ocb128_copy_ctx 684 3_0_0 EXIST::FUNCTION:OCB TS_REQ_get_ext_d2i 685 3_0_0 EXIST::FUNCTION:TS -AES_ige_encrypt 686 3_0_0 EXIST::FUNCTION: +AES_ige_encrypt 686 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 d2i_SXNET 687 3_0_0 EXIST::FUNCTION: CTLOG_get0_log_id 688 3_0_0 EXIST::FUNCTION:CT CMS_RecipientInfo_ktri_get0_signer_id 689 3_0_0 EXIST::FUNCTION:CMS @@ -1456,7 +1456,7 @@ EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DH d2i_OCSP_CRLID 1443 3_0_0 EXIST::FUNCTION:OCSP EVP_CIPHER_CTX_set_padding 1444 3_0_0 EXIST::FUNCTION: CTLOG_new_from_base64 1445 3_0_0 EXIST::FUNCTION:CT -AES_bi_ige_encrypt 1446 3_0_0 EXIST::FUNCTION: +AES_bi_ige_encrypt 1446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 ERR_pop_to_mark 1447 3_0_0 EXIST::FUNCTION: CRL_DIST_POINTS_new 1449 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_asn1 1450 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Fri Apr 12 13:47:20 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 12 Apr 2019 13:47:20 +0000 Subject: Still Failing: openssl/openssl#24720 (master - fd367b4) In-Reply-To: Message-ID: <5cb096e6cbb6f_43f9649e232bc1781e9@e9a7f06d-9045-42df-b39d-962e41ad4aa2.mail> Build Update for openssl/openssl ------------------------------------- Build: #24720 Status: Still Failing Duration: 19 mins and 35 secs Commit: fd367b4 (master) Author: Matt Caswell Message: Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES Bi-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8710) View the changeset: https://github.com/openssl/openssl/compare/9bba2c4c97a5...fd367b4ce37d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519254092?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Apr 12 13:52:43 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 12 Apr 2019 13:52:43 +0000 Subject: [openssl] master update Message-ID: <1555077163.776811.29346.nullmailer@dev.openssl.org> The branch master has been updated via 938e82f622eb04ebbfe534c79d234d0f6a0df035 (commit) via b5c4bbbe54e112b976155004b3d702e47ce7d9d9 (commit) via 573ac8f2228241771f727ecd8ff10f54073536d3 (commit) via 95f92d57755a9bfc83135a585da69d497f7293d9 (commit) from fd367b4ce37d8f8353deb93fd7677ca636881d81 (commit) - Log ----------------------------------------------------------------- commit 938e82f622eb04ebbfe534c79d234d0f6a0df035 Author: Joshua Lock Date: Thu Apr 11 15:38:56 2019 +0100 Further harmonisation of manual page HISTORY sections A couple of minor tweaks to match the style introduced in #7854: - BIO_connect: remove line break to make more grep friendly - SSL_CTX_new: harmoise the format of the HISTORY section Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8729) commit b5c4bbbe54e112b976155004b3d702e47ce7d9d9 Author: Joshua Lock Date: Tue Apr 9 15:13:55 2019 +0100 Update various man pages to place HISTORY section after SEE ALSO SEE ALSO before HISTORY is the more common pattern in OpenSSL manual pages and seems to be the prevalent order based on sampling my system manual pages. Fixes #8631 Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8729) commit 573ac8f2228241771f727ecd8ff10f54073536d3 Author: Joshua Lock Date: Tue Apr 9 15:10:08 2019 +0100 Add a check for history section location to find-doc-nits Check that the HISTORY section is located after the SEE ALSO section, this is a much more frequent order in OpenSSL manual pages (and UNIX manual pages in general). Also check that SEE ALSO comes after EXAMPLES, so that the tool can ensure the correct manual section sequence. Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8729) commit 95f92d57755a9bfc83135a585da69d497f7293d9 Author: Joshua Lock Date: Tue Apr 9 14:53:58 2019 +0100 Make check_example_location() in find-doc-nits generic Change to check_section_location(), a generic function to ensure that section SECTION appears before section BEFORE in the man pages. Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8729) ----------------------------------------------------------------------- Summary of changes: doc/man3/BIO_connect.pod | 14 +++++++------- doc/man3/BN_rand.pod | 20 ++++++++++---------- doc/man3/BN_security_bits.pod | 10 +++++----- doc/man3/DES_random_key.pod | 12 ++++++------ doc/man3/PEM_read_bio_PrivateKey.pod | 12 ++++++------ doc/man3/RAND_DRBG_generate.pod | 14 +++++++------- doc/man3/RAND_DRBG_get0_master.pod | 11 +++++------ doc/man3/RAND_DRBG_new.pod | 10 +++++----- doc/man3/RAND_DRBG_reseed.pod | 19 +++++++------------ doc/man3/RAND_DRBG_set_callbacks.pod | 11 +++++------ doc/man3/RAND_add.pod | 12 ++++++------ doc/man3/RAND_bytes.pod | 20 ++++++++++---------- doc/man3/RAND_cleanup.pod | 10 +++++----- doc/man3/SSL_CIPHER_get_name.pod | 12 ++++++------ doc/man3/SSL_CTX_new.pod | 14 +++++++------- doc/man3/SSL_CTX_set_default_passwd_cb.pod | 12 ++++++------ doc/man3/SSL_CTX_set_min_proto_version.pod | 10 +++++----- doc/man3/SSL_CTX_set_split_send_fragment.pod | 10 +++++----- doc/man3/SSL_read.pod | 10 +++++----- doc/man3/SSL_write.pod | 10 +++++----- doc/man3/X509_get_subject_name.pod | 18 +++++++++--------- util/find-doc-nits | 23 +++++++++++++++-------- 22 files changed, 147 insertions(+), 147 deletions(-) diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod index 00e4463..c0edae7 100644 --- a/doc/man3/BIO_connect.pod +++ b/doc/man3/BIO_connect.pod @@ -95,19 +95,19 @@ B (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. -=head1 HISTORY - -BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), -BIO_get_accept_socket() and BIO_accept() were deprecated in -OpenSSL 1.1.0. Use the functions described above instead. - =head1 SEE ALSO L +=head1 HISTORY + +BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), +BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. + =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 3ceeff1..93e8c3f 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -59,6 +59,15 @@ seeded with enough randomness to ensure an unpredictable byte sequence. The functions return 1 on success, 0 on error. The error codes can be obtained by L. +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + =head1 HISTORY =over 2 @@ -78,18 +87,9 @@ BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =back -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_security_bits.pod b/doc/man3/BN_security_bits.pod index 3b9bf88..f02bf2e 100644 --- a/doc/man3/BN_security_bits.pod +++ b/doc/man3/BN_security_bits.pod @@ -31,17 +31,17 @@ Number of security bits. ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() function. The symmetric algorithms are not covered neither. -=head1 HISTORY - -The BN_security_bits() function was added in OpenSSL 1.1.0. - =head1 SEE ALSO L, L, L +=head1 HISTORY + +The BN_security_bits() function was added in OpenSSL 1.1.0. + =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod index f5203b8..4f0f25a 100644 --- a/doc/man3/DES_random_key.pod +++ b/doc/man3/DES_random_key.pod @@ -296,6 +296,11 @@ last 4 bytes of the checksum of the input. DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - to a static buffer on success; otherwise they return NULL. +=head1 SEE ALSO + +L, +L + =head1 HISTORY The requirement that the B parameter to DES_crypt() and DES_fcrypt() @@ -304,14 +309,9 @@ OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B if both character were not present, and could crash when given non-ASCII on some platforms. -=head1 SEE ALSO - -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index a5a63c4..69ff679 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -459,20 +459,20 @@ Skeleton pass phrase callback: return len; } +=head1 SEE ALSO + +L, L, +L + =head1 HISTORY The old Netscape certificate sequences were no longer documented in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases. -=head1 SEE ALSO - -L, L, -L - =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_generate.pod b/doc/man3/RAND_DRBG_generate.pod index 09903f8..e0778ea 100644 --- a/doc/man3/RAND_DRBG_generate.pod +++ b/doc/man3/RAND_DRBG_generate.pod @@ -65,12 +65,6 @@ entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). It is up to the user to ensure that a live entropy source is configured and is being used. -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - -Prediction resistance is supported from OpenSSL 3.0.0. - =head1 SEE ALSO L, @@ -78,9 +72,15 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +Prediction resistance is supported from OpenSSL 3.0.0. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_get0_master.pod b/doc/man3/RAND_DRBG_get0_master.pod index e829887..62f6fdb 100644 --- a/doc/man3/RAND_DRBG_get0_master.pod +++ b/doc/man3/RAND_DRBG_get0_master.pod @@ -53,11 +53,6 @@ During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely. - -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -68,9 +63,13 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod index 27142ab..8b73840 100644 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod @@ -134,10 +134,6 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -145,9 +141,13 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index c4d2671..4037560 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -93,17 +93,6 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. -A request for prediction resistance can only be satisfied by pulling fresh -entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). -It is up to the user to ensure that a live entropy source is configured -and is being used. - -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - -Prediction resistance is supported from OpenSSL 3.0.0. - =head1 SEE ALSO L, @@ -111,9 +100,15 @@ L, L. L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +Prediction resistance is supported from OpenSSL 3.0.0. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index 4734b07..09a6ef1 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -121,20 +121,19 @@ In this case the DRBG will automatically request an extra amount of entropy utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], section 8.6.7. - -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index 65232d9..ed7824d 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -80,11 +80,6 @@ RAND_event() returns RAND_status(). The other functions do not return values. -=head1 HISTORY - -RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should -not be used. - =head1 SEE ALSO L, @@ -92,9 +87,14 @@ L, L, L +=head1 HISTORY + +RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should +not be used. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index 86d37b3..fb1e1c9 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -43,6 +43,15 @@ return 1 on success, -1 if not supported by the current RAND method, or 0 on other failure. The error code can be obtained by L. +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + =head1 HISTORY =over 2 @@ -57,18 +66,9 @@ The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =back -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 129d579..dfe76a7 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -25,18 +25,18 @@ L. RAND_cleanup() returns no value. +=head1 SEE ALSO + +L + =head1 HISTORY RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. See L -=head1 SEE ALSO - -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 1da3447..26ee6a0 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -180,6 +180,11 @@ SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific I SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS protocol-specific ID. +=head1 SEE ALSO + +L, L, +L, L + =head1 HISTORY The SSL_CIPHER_get_version() function was updated to always return the @@ -196,14 +201,9 @@ required to enable this function. The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L, -L, L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod index 371827d..4b3e8dd 100644 --- a/doc/man3/SSL_CTX_new.pod +++ b/doc/man3/SSL_CTX_new.pod @@ -190,6 +190,11 @@ SSL_CTX_up_ref() returns 1 for success and 0 for failure. =back +=head1 SEE ALSO + +L, L, L, +L, L, L + =head1 HISTORY Support for SSLv2 and the corresponding SSLv2_method(), @@ -198,18 +203,13 @@ removed in OpenSSL 1.1.0. SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were deprecated and the preferred TLS_method(), TLS_server_method() -and TLS_client_method() functions were introduced in OpenSSL 1.1.0. +and TLS_client_method() functions were added in OpenSSL 1.1.0. All version-specific methods were deprecated in OpenSSL 1.1.0. -=head1 SEE ALSO - -L, L, L, -L, L, L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod index 4d38164..bc19890 100644 --- a/doc/man3/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/man3/SSL_CTX_set_default_passwd_cb.pod @@ -90,20 +90,20 @@ truncated. return strlen(buf); } +=head1 SEE ALSO + +L, +L + =head1 HISTORY SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were added in OpenSSL 1.1.0. -=head1 SEE ALSO - -L, -L - =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod index 32a47cf..45f8210 100644 --- a/doc/man3/SSL_CTX_set_min_proto_version.pod +++ b/doc/man3/SSL_CTX_set_min_proto_version.pod @@ -52,18 +52,18 @@ lowest or highest protocol, respectively. All these functions are implemented using macros. +=head1 SEE ALSO + +L, L + =head1 HISTORY The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L - =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index cf595ee..5f0ff3f 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -162,6 +162,10 @@ SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() all these functions are implemented using macros. +=head1 SEE ALSO + +L, L + =head1 HISTORY The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), @@ -172,13 +176,9 @@ functions were added in OpenSSL 1.1.0. The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L - =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index c60bd23..f5c02a3 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -126,10 +126,6 @@ You should instead call SSL_get_error() to find out if it's retryable. =back -=head1 HISTORY - -The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, @@ -140,9 +136,13 @@ L, L, L, L, L +=head1 HISTORY + +The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 4daaec2..a73bc06 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -104,10 +104,6 @@ You should instead call SSL_get_error() to find out if it's retryable. =back -=head1 HISTORY - -The SSL_write_ex() function was added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, L @@ -116,9 +112,13 @@ L, L L, L, L +=head1 HISTORY + +The SSL_write_ex() function was added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 21bb403..8c9d854 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -48,14 +48,6 @@ and X509_CRL_get_issuer() return an B pointer. X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. -=head1 HISTORY - -X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in -earlier versions. - -X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously -added in OpenSSL 1.0.0 as a macro. - =head1 SEE ALSO L, @@ -74,9 +66,17 @@ L, L, L +=head1 HISTORY + +X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in +earlier versions. + +X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. + =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/util/find-doc-nits b/util/find-doc-nits index 5d5c2d0..66966eb 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -142,16 +142,18 @@ sub name_synopsis() } } -# Check if EXAMPLES is located after RETURN VALUES section. -sub check_example_location() +# Check if SECTION is located before BEFORE +sub check_section_location() { my $filename = shift; my $contents = shift; + my $section = shift; + my $before = shift; - return unless $contents =~ /=head1 RETURN VALUES/ - and $contents =~ /=head1 EXAMPLES/; - print "$filename: RETURN VAULES should be placed before EXAMPLES section\n" - if $contents =~ /=head1 EXAMPLES.*=head1 RETURN VALUES/ms; + return unless $contents =~ /=head1 $section/ + and $contents =~ /=head1 $before/; + print "$filename: $section should be placed before $before section\n" + if $contents =~ /=head1 $before.*=head1 $section/ms; } sub check() @@ -167,7 +169,12 @@ sub check() close POD; } - &check_example_location($filename, $contents) if $filename =~ m|man3/|; + # Check if EXAMPLES is located after RETURN VALUES section. + &check_section_location($filename, $contents, "RETURN VALUES", "EXAMPLES") if $filename =~ m|man3/|; + # Check if HISTORY is located after SEE ALSO + &check_section_location($filename, $contents, "SEE ALSO", "HISTORY") if $filename =~ m|man3/|; + # Check if SEE ALSO is located after EXAMPLES + &check_section_location($filename, $contents, "EXAMPLES", "SEE ALSO") if $filename =~ m|man3/|; my $id = "${filename}:1:"; From builds at travis-ci.org Fri Apr 12 14:16:39 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 12 Apr 2019 14:16:39 +0000 Subject: Still Failing: openssl/openssl#24723 (master - 938e82f) In-Reply-To: Message-ID: <5cb09dc71f234_43fdea3c50e4c1496d2@a2b7a21d-23c3-40f5-9b6f-72fa62c4e122.mail> Build Update for openssl/openssl ------------------------------------- Build: #24723 Status: Still Failing Duration: 23 mins and 17 secs Commit: 938e82f (master) Author: Joshua Lock Message: Further harmonisation of manual page HISTORY sections A couple of minor tweaks to match the style introduced in #7854: - BIO_connect: remove line break to make more grep friendly - SSL_CTX_new: harmoise the format of the HISTORY section Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8729) View the changeset: https://github.com/openssl/openssl/compare/fd367b4ce37d...938e82f622eb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519266414?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 12 16:47:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Apr 2019 16:47:42 +0000 Subject: Build failed: openssl master.24131 Message-ID: <20190412164742.1.0AE39AFA87CE3FCE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 12 19:09:43 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Apr 2019 19:09:43 +0000 Subject: Build failed: openssl master.24133 Message-ID: <20190412190943.1.90A9596541E13BD9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Apr 13 14:36:21 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Apr 2019 14:36:21 +0000 Subject: Build failed: openssl master.24141 Message-ID: <20190413143621.1.47F15FCC863251A8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Apr 13 15:29:11 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Apr 2019 15:29:11 +0000 Subject: Build failed: openssl master.24142 Message-ID: <20190413152911.1.B43E865135084BFB@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Apr 13 16:35:35 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Apr 2019 16:35:35 +0000 Subject: Build failed: openssl master.24143 Message-ID: <20190413163535.1.BB9B1BCAD19481FC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Apr 14 06:39:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 14 Apr 2019 06:39:14 +0000 Subject: Build failed: openssl master.24144 Message-ID: <20190414063914.1.2359536592AFA78F@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Apr 14 07:28:52 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Apr 2019 07:28:52 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5cb2e133ddf56_6f32ac098f38f584651@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0jg7WaOWRWFdbKN-2BfaocDszl3ZyhQ8xoSLit0eNY8PX4qBCBX5yCcmgZ9Nf7A-2B-2FGn7jWhdofcQ-2BkDHB3SZdfzxOgqLhA0koqFhKJGZGaylu7x0MNJd6yHRCsaefZAZ8mOfCgu1rPWkkIUTAIsWy291ycQ8Zg6YcIRdAM3KtY1GM-2BcBNee0r8f8QvXfD3Nb660-3D Build ID: 251900 Analysis Summary: New defects found: 0 Defects eliminated: 4 From scan-admin at coverity.com Sun Apr 14 07:47:05 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Apr 2019 07:47:05 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5cb2e57899cd5_10142ac098f38f58463b@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0wOUTZe-2BDgXc1BOYg4utPYbJtAkhVkV4Boy6WVn2i5ZCzzhvFyHJQitqjjrHmUqXxV-2Bjy0U-2FPO-2FmYSUtz-2B48-2B07d-2BxSJjMRbMH4dVdrDrVng5bxCRsRy1qX-2BFP2zCduSP8weZriFH44PTmSdFcOXn69w4GuIEMg7hwZvMLbjH6-2Ffxlik0eRY2IPVkBOCC-2BnR4-3D Build ID: 251901 Analysis Summary: New defects found: 0 Defects eliminated: 0 From bernd.edlinger at hotmail.de Sun Apr 14 09:26:21 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 14 Apr 2019 09:26:21 +0000 Subject: [openssl] master update Message-ID: <1555233981.894118.32741.nullmailer@dev.openssl.org> The branch master has been updated via 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff (commit) from 938e82f622eb04ebbfe534c79d234d0f6a0df035 (commit) - Log ----------------------------------------------------------------- commit 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff Author: Bernd Edlinger Date: Fri Apr 12 14:28:00 2019 +0200 Don't use coordinate blinding when scalar is group order This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8734) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_mult.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 755d644..968125f 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -441,7 +441,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * scalar multiplication implementation based on a Montgomery ladder, * with various timing attack defenses. */ - if ((scalar != NULL) && (num == 0)) { + if ((scalar != group->order) && (scalar != NULL) && (num == 0)) { /*- * In this case we want to compute scalar * GeneratorPoint: this * codepath is reached most prominently by (ephemeral) key @@ -452,7 +452,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); } - if ((scalar == NULL) && (num == 1)) { + if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { /*- * In this case we want to compute scalar * VariablePoint: this * codepath is reached most prominently by the second half of ECDH, From bernd.edlinger at hotmail.de Sun Apr 14 09:27:11 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 14 Apr 2019 09:27:11 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555234031.345176.1178.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e861d659c0b2ddccc5eff577b322d2fd4a8f9616 (commit) from dbd233b8038a0daba891335548d95a0d6f26807d (commit) - Log ----------------------------------------------------------------- commit e861d659c0b2ddccc5eff577b322d2fd4a8f9616 Author: Bernd Edlinger Date: Fri Apr 12 14:28:00 2019 +0200 Don't use coordinate blinding when scalar is group order This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8734) (cherry picked from commit 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_mult.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index ce5796d..11c7be1 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -441,7 +441,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * scalar multiplication implementation based on a Montgomery ladder, * with various timing attack defenses. */ - if ((scalar != NULL) && (num == 0)) { + if ((scalar != group->order) && (scalar != NULL) && (num == 0)) { /*- * In this case we want to compute scalar * GeneratorPoint: this * codepath is reached most prominently by (ephemeral) key @@ -452,7 +452,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); } - if ((scalar == NULL) && (num == 1)) { + if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { /*- * In this case we want to compute scalar * VariablePoint: this * codepath is reached most prominently by the second half of ECDH, From builds at travis-ci.org Sun Apr 14 09:48:55 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 14 Apr 2019 09:48:55 +0000 Subject: Still Failing: openssl/openssl#24742 (master - 3051bf2) In-Reply-To: Message-ID: <5cb30206ebc7c_43f80eb966760203949@1b9377b6-894f-4951-bfc1-0f10da078e86.mail> Build Update for openssl/openssl ------------------------------------- Build: #24742 Status: Still Failing Duration: 21 mins and 49 secs Commit: 3051bf2 (master) Author: Bernd Edlinger Message: Don't use coordinate blinding when scalar is group order This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8734) View the changeset: https://github.com/openssl/openssl/compare/938e82f622eb...3051bf2afab7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519874215?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun Apr 14 09:59:27 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 14 Apr 2019 09:59:27 +0000 Subject: Still Failing: openssl/openssl#24743 (OpenSSL_1_1_1-stable - e861d65) In-Reply-To: Message-ID: <5cb3047f9361b_43f853c8280c414056a@7ff3fc15-a1d5-4536-83dd-3534406582ba.mail> Build Update for openssl/openssl ------------------------------------- Build: #24743 Status: Still Failing Duration: 28 mins and 36 secs Commit: e861d65 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Don't use coordinate blinding when scalar is group order This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8734) (cherry picked from commit 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff) View the changeset: https://github.com/openssl/openssl/compare/dbd233b8038a...e861d659c0b2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519874344?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sun Apr 14 15:50:14 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 14 Apr 2019 15:50:14 +0000 Subject: [openssl] master update Message-ID: <1555257014.016600.5008.nullmailer@dev.openssl.org> The branch master has been updated via 15972296af6b98ae495ada9d4695f2a0e71f891c (commit) from 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff (commit) - Log ----------------------------------------------------------------- commit 15972296af6b98ae495ada9d4695f2a0e71f891c Author: David Benjamin Date: Tue Jan 29 04:39:17 2019 +0000 Fix calling convention bug in ecp_nistz256_ord_sqr_mont The rep parameter takes an int in C, but the assembly implementation looks at the upper bits. While it's unlikely to happen here, where all calls pass a constant, in other scenarios x86_64 compilers will leave arbitrary values in the upper half. Fix this by making the C prototype match the assembly. (This aspect of the calling convention implies smaller-than-word arguments in assembly functions should be avoided. There are far fewer things to test if everything consistently takes word-sized arguments.) This was found as part of ABI testing work in BoringSSL. Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8108) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/ecp_nistz256-armv8.pl | 2 +- crypto/ec/asm/ecp_nistz256-ppc64.pl | 2 +- crypto/ec/asm/ecp_nistz256-x86_64.pl | 2 +- crypto/ec/ecp_nistz256.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index 8914f1a..4daa8cc 100644 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1488,7 +1488,7 @@ $code.=<<___; //////////////////////////////////////////////////////////////////////// // void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], -// int rep); +// uint64_t rep); .globl ecp_nistz256_ord_sqr_mont .type ecp_nistz256_ord_sqr_mont,%function .align 4 diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl index b1cd190..c06a7c0 100755 --- a/crypto/ec/asm/ecp_nistz256-ppc64.pl +++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl @@ -1919,7 +1919,7 @@ $code.=<<___; ################################################################################ # void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], -# int rep); +# uint64_t rep); .globl ecp_nistz256_ord_sqr_mont .align 5 ecp_nistz256_ord_sqr_mont: diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index a28ee8e..e1e23ca 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -826,7 +826,7 @@ $code.=<<___; # void ecp_nistz256_ord_sqr_mont( # uint64_t res[4], # uint64_t a[4], -# int rep); +# uint64_t rep); .globl ecp_nistz256_ord_sqr_mont .type ecp_nistz256_ord_sqr_mont,\@function,3 diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 6a64bc4..66bf4ec 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1467,7 +1467,7 @@ void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], const BN_ULONG b[P256_LIMBS]); void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS], - int rep); + BN_ULONG rep); static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, const BIGNUM *x, BN_CTX *ctx) From builds at travis-ci.org Sun Apr 14 16:09:02 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 14 Apr 2019 16:09:02 +0000 Subject: Still Failing: openssl/openssl#24744 (master - 1597229) In-Reply-To: Message-ID: <5cb35b1e173_43fb6301adc241336e4@42d4a7d3-fdb8-4b17-86ae-9214ae300b19.mail> Build Update for openssl/openssl ------------------------------------- Build: #24744 Status: Still Failing Duration: 18 mins and 9 secs Commit: 1597229 (master) Author: David Benjamin Message: Fix calling convention bug in ecp_nistz256_ord_sqr_mont The rep parameter takes an int in C, but the assembly implementation looks at the upper bits. While it's unlikely to happen here, where all calls pass a constant, in other scenarios x86_64 compilers will leave arbitrary values in the upper half. Fix this by making the C prototype match the assembly. (This aspect of the calling convention implies smaller-than-word arguments in assembly functions should be avoided. There are far fewer things to test if everything consistently takes word-sized arguments.) This was found as part of ABI testing work in BoringSSL. Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8108) View the changeset: https://github.com/openssl/openssl/compare/3051bf2afab7...15972296af6b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/519955960?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sun Apr 14 22:18:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 14 Apr 2019 22:18:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1555280337.985081.17794.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 15972296af Fix calling convention bug in ecp_nistz256_ord_sqr_mont 3051bf2afa Don't use coordinate blinding when scalar is group order 938e82f622 Further harmonisation of manual page HISTORY sections b5c4bbbe54 Update various man pages to place HISTORY section after SEE ALSO 573ac8f222 Add a check for history section location to find-doc-nits 95f92d5775 Make check_example_location() in find-doc-nits generic fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() 9bba2c4c97 Add CMAC speed measurements 6517516324 Add prediction resistance capability to the DRBG reseeding process. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__asan_report_store1' crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:64: undefined reference to `__asan_stack_malloc_2' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:170: undefined reference to `__asan_stack_malloc_1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:178: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:179: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:180: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:181: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:182: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:183: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:188: undefined reference to `__asan_report_load1' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:189: undefined reference to `__asan_report_store4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:190: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:203: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:205: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:208: undefined reference to `__asan_report_load4' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-asan/../openssl/crypto/sha/sha256.c:209: more undefined references to `__asan_report_load4' follow crypto/sha/fips-dso-sha256.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_register_globals' crypto/sha/fips-dso-sha256.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:189: undefined reference to `__asan_unregister_globals' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__asan_report_store8' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:43: undefined reference to `__asan_memcpy' providers/common/digests/fips-dso-sha2.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_register_globals' providers/common/digests/fips-dso-sha2.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__asan_unregister_globals' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__asan_report_store8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:63: undefined reference to `__asan_report_store4' providers/fips/fips-dso-fipsprov.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_register_globals' providers/fips/fips-dso-fipsprov.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/providers/fips/fipsprov.c:69: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:106: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:107: undefined reference to `__asan_report_load4' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:120: undefined reference to `__asan_report_store8' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__asan_report_load8' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-asan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__asan_report_load8' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:47: undefined reference to `__asan_option_detect_stack_use_after_return' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:47: undefined reference to `__asan_stack_malloc_3' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:51: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:52: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:76: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:77: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:86: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:86: undefined reference to `__asan_report_store8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:87: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:88: undefined reference to `__asan_report_load8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_set_shadow_f5' test/p_test-dso-p_test.o: In function `asan.module_ctor': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_init' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_version_mismatch_check_v8' /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_register_globals' test/p_test-dso-p_test.o: In function `asan.module_dtor': /home/openssl/run-checker/enable-asan/../openssl/test/p_test.c:93: undefined reference to `__asan_unregister_globals' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon Apr 15 01:18:08 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Apr 2019 01:18:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555291088.437408.6604.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 15972296af Fix calling convention bug in ecp_nistz256_ord_sqr_mont 3051bf2afa Don't use coordinate blinding when scalar is group order 938e82f622 Further harmonisation of manual page HISTORY sections b5c4bbbe54 Update various man pages to place HISTORY section after SEE ALSO 573ac8f222 Add a check for history section location to find-doc-nits 95f92d5775 Make check_example_location() in find-doc-nits generic fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() 9bba2c4c97 Add CMAC speed measurements 6517516324 Add prediction resistance capability to the DRBG reseeding process. Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon Apr 15 05:16:03 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Apr 2019 05:16:03 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555305363.044958.19558.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 15972296af Fix calling convention bug in ecp_nistz256_ord_sqr_mont 3051bf2afa Don't use coordinate blinding when scalar is group order 938e82f622 Further harmonisation of manual page HISTORY sections b5c4bbbe54 Update various man pages to place HISTORY section after SEE ALSO 573ac8f222 Add a check for history section location to find-doc-nits 95f92d5775 Make check_example_location() in find-doc-nits generic fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() 9bba2c4c97 Add CMAC speed measurements 6517516324 Add prediction resistance capability to the DRBG reseeding process. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:38: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:55: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.oproviders/fips/fips-dso-fipsprov.o: In function `: In function `fips_get_paramsOSSL_provider_init': ': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:34102: undefined reference to `: undefined reference to `__afl_prev_loc' __afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:__afl_area_ptr102' : undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:__afl_area_ptr40' : undefined reference to `__afl_prev_loc/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:' 106: undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:__afl_prev_loc42' : undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:__afl_prev_loc103' : undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:__afl_prev_loc43' : undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:__afl_prev_loc110' : undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:__afl_prev_loc45' : undefined reference to `__afl_prev_loc/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:' (.text/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:+0x46fd: undefined reference to `)__afl_prev_loc: undefined reference to `' __afl_prev_loc' providers/fips/fips-dso-fipsprov.o/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120:: undefined reference to `/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:__afl_prev_loc49' : more undefined references to `test/p_test-dso-p_test.o__afl_prev_loc:' follow /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41providers/fips/fips-dso-fipsprov.o: more undefined references to `: In function `__afl_prev_locfips_query' follow ': test/p_test-dso-p_test.o/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:: In function `59p_get_param_types: undefined reference to `': __afl_area_ptr/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:' 41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: *** Waiting for unfinished jobs.... Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Mon Apr 15 08:46:16 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 15 Apr 2019 08:46:16 +0000 Subject: [openssl] master update Message-ID: <1555317976.147839.14035.nullmailer@dev.openssl.org> The branch master has been updated via f2dbb71cb6bf6cd570f96e7663a22dd87854f08b (commit) via 0ad50b4dee36d4b576473ccbf744284d66fbffd6 (commit) from 15972296af6b98ae495ada9d4695f2a0e71f891c (commit) - Log ----------------------------------------------------------------- commit f2dbb71cb6bf6cd570f96e7663a22dd87854f08b Author: Richard Levitte Date: Mon Apr 15 09:40:22 2019 +0200 providers/common/digests/sha2.c: forward declare all dispatched functions Forward declare the dispatched functions using typedefs from core_numbers.h. This will ensure that they have correct signatures. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8747) commit 0ad50b4dee36d4b576473ccbf744284d66fbffd6 Author: Richard Levitte Date: Mon Apr 15 09:37:51 2019 +0200 Providers: for the digest_final operation, pass a output buffer size This allows the provider digest_final operation to check that it doesn't over-run the output buffer. The EVP_DigestFinal_ex function doesn't take that same parameter, so it will have to assume that the user provided a properly sized buffer, but this leaves better room for future enhancements of the public API. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8747) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 7 ++++--- include/openssl/core_numbers.h | 4 ++-- providers/common/digests/sha2.c | 24 +++++++++++++++++++++--- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 527c5d6..e4787e6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -295,6 +295,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) { int ret; size_t size = 0; + size_t mdsize = EVP_MD_size(ctx->digest); if (ctx->digest == NULL || ctx->digest->prov == NULL) goto legacy; @@ -304,7 +305,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) return 0; } - ret = ctx->digest->dfinal(ctx->provctx, md, &size); + ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize); if (isize != NULL) { if (size <= UINT_MAX) { @@ -321,10 +322,10 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) /* TODO(3.0): Remove legacy code below */ legacy: - OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (isize != NULL) - *isize = ctx->digest->md_size; + *isize = mdsize; if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 1e53627..2054381 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -91,10 +91,10 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_update, (void *, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, OP_digest_final, - (void *, unsigned char *out, size_t *outl)) + (void *, unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, (const unsigned char *in, size_t inl, unsigned char *out, - size_t *out_l)) + size_t *out_l, size_t outsz)) OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx)) diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c index 4332e98..3698046 100644 --- a/providers/common/digests/sha2.c +++ b/providers/common/digests/sha2.c @@ -11,10 +11,28 @@ #include #include -static int sha256_final(void *ctx, unsigned char *md, size_t *size) +/* + * Forward declaration of everything implemented here. This is not strictly + * necessary for the compiler, but provides an assurance that the signatures + * of the functions in the dispatch table are correct. + */ +static OSSL_OP_digest_newctx_fn sha256_newctx; +#if 0 /* Not defined here */ +static OSSL_OP_digest_init_fn sha256_init; +static OSSL_OP_digest_update_fn sha256_update; +#endif +static OSSL_OP_digest_final_fn sha256_final; +static OSSL_OP_digest_freectx_fn sha256_freectx; +static OSSL_OP_digest_dupctx_fn sha256_dupctx; +static OSSL_OP_digest_size_fn sha256_size; +static OSSL_OP_digest_block_size_fn sha256_size; + +static int sha256_final(void *ctx, + unsigned char *md, size_t *mdl, size_t mdsz) { - if (SHA256_Final(md, ctx)) { - *size = SHA256_DIGEST_LENGTH; + if (mdsz >= SHA256_DIGEST_LENGTH + && SHA256_Final(md, ctx)) { + *mdl = SHA256_DIGEST_LENGTH; return 1; } From builds at travis-ci.org Mon Apr 15 09:12:12 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Apr 2019 09:12:12 +0000 Subject: Still Failing: openssl/openssl#24755 (master - f2dbb71) In-Reply-To: Message-ID: <5cb44aebd2454_43fa1ab0510f421472b@efeecb8f-5d13-472b-8848-5002e5dcd4a7.mail> Build Update for openssl/openssl ------------------------------------- Build: #24755 Status: Still Failing Duration: 25 mins and 12 secs Commit: f2dbb71 (master) Author: Richard Levitte Message: providers/common/digests/sha2.c: forward declare all dispatched functions Forward declare the dispatched functions using typedefs from core_numbers.h. This will ensure that they have correct signatures. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8747) View the changeset: https://github.com/openssl/openssl/compare/15972296af6b...f2dbb71cb6bf View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520185218?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 15 10:07:35 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Apr 2019 10:07:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1555322855.601464.6337.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 15972296af Fix calling convention bug in ecp_nistz256_ord_sqr_mont 3051bf2afa Don't use coordinate blinding when scalar is group order 938e82f622 Further harmonisation of manual page HISTORY sections b5c4bbbe54 Update various man pages to place HISTORY section after SEE ALSO 573ac8f222 Add a check for history section location to find-doc-nits 95f92d5775 Make check_example_location() in find-doc-nits generic fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt() 9bba2c4c97 Add CMAC speed measurements 6517516324 Add prediction resistance capability to the DRBG reseeding process. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:228: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-ubsan/../openssl/providers/common/digests/sha2.c:17: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:84: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-ubsan/../openssl/providers/fips/fipsprov.c:63: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -fno-sanitize=alignment -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -MMD -MF apps/openssl-bin-asn1pars.d.tmp -MT apps/openssl-bin-asn1pars.o -c -o apps/openssl-bin-asn1pars.o ../openssl/apps/asn1pars.c clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12768: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:107: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:106: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:120: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_param_types': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:55: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o: In function `OSSL_get_core_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/include/openssl/core_numbers.h:58: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:52: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:74: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:76: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:77: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:86: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:87: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: more undefined references to `__ubsan_handle_type_mismatch_v1_abort' follow test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:88: undefined reference to `__ubsan_handle_nonnull_arg_abort' /home/openssl/run-checker/enable-ubsan/../openssl/test/p_test.c:51: undefined reference to `__ubsan_handle_pointer_overflow_abort' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:12844: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From matthias.st.pierre at ncp-e.com Mon Apr 15 10:32:46 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 15 Apr 2019 10:32:46 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555324366.541387.31339.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1ced49fbb7428994b137248d52f108d4045bb4a3 (commit) via 18bad53564e10b92832475dfce0c56665b5d3bed (commit) via 3b01f353b8533f2d66f7411c3513d9444ba68329 (commit) via 32a775df9b720781220556549d7e52c45ebb562d (commit) via a345fa370e6acd1293e7370a85266e87dc7ebc38 (commit) via d090fc0019b8ef04bcae8c7eafe98950a9694fc8 (commit) from e861d659c0b2ddccc5eff577b322d2fd4a8f9616 (commit) - Log ----------------------------------------------------------------- commit 1ced49fbb7428994b137248d52f108d4045bb4a3 Author: Joshua Lock Date: Thu Apr 11 15:38:56 2019 +0100 Further harmonisation of manual page HISTORY sections A couple of minor tweaks to match the style introduced in #7854: - BIO_connect: remove line break to make more grep friendly - SSL_CTX_new: harmoise the format of the HISTORY section Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (cherry picked from commit 938e82f622eb04ebbfe534c79d234d0f6a0df035) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8736) commit 18bad53564e10b92832475dfce0c56665b5d3bed Author: Joshua Lock Date: Tue Apr 9 15:13:55 2019 +0100 Update various man pages to place HISTORY section after SEE ALSO SEE ALSO before HISTORY is the more common pattern in OpenSSL manual pages and seems to be the prevalent order based on sampling my system manual pages. Fixes #8631 Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (cherry picked from commit b5c4bbbe54e112b976155004b3d702e47ce7d9d9) Conflicts: doc/man3/RAND_DRBG_generate.pod doc/man3/RAND_DRBG_reseed.pod Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8736) commit 3b01f353b8533f2d66f7411c3513d9444ba68329 Author: Joshua Lock Date: Tue Apr 9 15:10:08 2019 +0100 Add a check for history section location to find-doc-nits Check that the HISTORY section is located after the SEE ALSO section, this is a much more frequent order in OpenSSL manual pages (and UNIX manual pages in general). Also check that SEE ALSO comes after EXAMPLES, so that the tool can ensure the correct manual section sequence. Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (cherry picked from commit 573ac8f2228241771f727ecd8ff10f54073536d3) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8736) commit 32a775df9b720781220556549d7e52c45ebb562d Author: Joshua Lock Date: Tue Apr 9 14:53:58 2019 +0100 Make check_example_location() in find-doc-nits generic Change to check_section_location(), a generic function to ensure that section SECTION appears before section BEFORE in the man pages. Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (cherry picked from commit 95f92d57755a9bfc83135a585da69d497f7293d9) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8736) commit a345fa370e6acd1293e7370a85266e87dc7ebc38 Author: Paul Yang Date: Tue Feb 26 13:51:02 2019 +0800 Add section order check in util/find-doc-nits This patch checks if the EXAMPLES section in a pod file is placed before the RETURN VALUES section. Reviewed-by: Richard Levitte (cherry picked from commit cc838ee2d66f7295bf7a7e6695aab1080d6791e9) Reviewed-by: Matt Caswell Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8736) commit d090fc0019b8ef04bcae8c7eafe98950a9694fc8 Author: Paul Yang Date: Tue Feb 26 13:11:10 2019 +0800 Place return values after examples in doc Reviewed-by: Richard Levitte (cherry picked from commit 4564e77ae9dd1866e8a033f03511b6a1792c024e) Conflicts: doc/internal/man3/openssl_ctx_get_data.pod (non-existant) doc/man3/OPENSSL_s390xcap.pod (non-existant) Reviewed-by: Matt Caswell Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8736) ----------------------------------------------------------------------- Summary of changes: doc/man3/ASN1_TIME_set.pod | 64 ++++++------ doc/man3/ASN1_generate_nconf.pod | 14 +-- doc/man3/BIO_connect.pod | 14 +-- doc/man3/BIO_push.pod | 14 +-- doc/man3/BIO_s_file.pod | 36 +++---- doc/man3/BN_rand.pod | 20 ++-- doc/man3/BN_security_bits.pod | 10 +- doc/man3/CONF_modules_load_file.pod | 12 +-- doc/man3/DES_random_key.pod | 12 +-- doc/man3/EVP_PKEY_set1_RSA.pod | 14 +-- doc/man3/OBJ_nid2obj.pod | 22 ++-- doc/man3/PEM_read_bio_PrivateKey.pod | 140 +++++++++++++------------- doc/man3/RAND_DRBG_generate.pod | 10 +- doc/man3/RAND_DRBG_get0_master.pod | 11 +- doc/man3/RAND_DRBG_new.pod | 10 +- doc/man3/RAND_DRBG_reseed.pod | 10 +- doc/man3/RAND_DRBG_set_callbacks.pod | 11 +- doc/man3/RAND_add.pod | 12 +-- doc/man3/RAND_bytes.pod | 20 ++-- doc/man3/RAND_cleanup.pod | 10 +- doc/man3/SSL_CIPHER_get_name.pod | 12 +-- doc/man3/SSL_CONF_cmd.pod | 34 +++---- doc/man3/SSL_CTX_load_verify_locations.pod | 34 +++---- doc/man3/SSL_CTX_new.pod | 14 +-- doc/man3/SSL_CTX_set1_sigalgs.pod | 8 +- doc/man3/SSL_CTX_set_default_passwd_cb.pod | 12 +-- doc/man3/SSL_CTX_set_generate_session_id.pod | 16 +-- doc/man3/SSL_CTX_set_min_proto_version.pod | 10 +- doc/man3/SSL_CTX_set_split_send_fragment.pod | 10 +- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 8 +- doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 16 +-- doc/man3/SSL_load_client_CA_file.pod | 30 +++--- doc/man3/SSL_read.pod | 10 +- doc/man3/SSL_write.pod | 10 +- doc/man3/X509_NAME_add_entry_by_txt.pod | 18 ++-- doc/man3/X509_NAME_get_index_by_NID.pod | 24 ++--- doc/man3/X509_get_subject_name.pod | 18 ++-- doc/man3/d2i_X509.pod | 26 ++--- util/find-doc-nits | 23 ++++- 39 files changed, 409 insertions(+), 390 deletions(-) diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index a083ebf..66525f9 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -173,38 +173,6 @@ certificates complying with RFC5280 et al use GMT anyway. Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results. -=head1 EXAMPLES - -Set a time structure to one hour after the current time and print it out: - - #include - #include - - ASN1_TIME *tm; - time_t t; - BIO *b; - - t = time(NULL); - tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); - b = BIO_new_fp(stdout, BIO_NOCLOSE); - ASN1_TIME_print(b, tm); - ASN1_STRING_free(tm); - BIO_free(b); - -Determine if one time is later or sooner than the current time: - - int day, sec; - - if (!ASN1_TIME_diff(&day, &sec, NULL, to)) - /* Invalid time format */ - - if (day > 0 || sec > 0) - printf("Later\n"); - else if (day < 0 || sec < 0) - printf("Sooner\n"); - else - printf("Same\n"); - =head1 RETURN VALUES ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), ASN1_TIME_adj(), @@ -238,6 +206,38 @@ ASN1_TIME_compare() returns -1 if B is before B, 0 if B equals B, or ASN1_TIME_to_generalizedtime() returns a pointer to the appropriate time structure on success or NULL if an error occurred. +=head1 EXAMPLES + +Set a time structure to one hour after the current time and print it out: + + #include + #include + + ASN1_TIME *tm; + time_t t; + BIO *b; + + t = time(NULL); + tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); + b = BIO_new_fp(stdout, BIO_NOCLOSE); + ASN1_TIME_print(b, tm); + ASN1_STRING_free(tm); + BIO_free(b); + +Determine if one time is later or sooner than the current time: + + int day, sec; + + if (!ASN1_TIME_diff(&day, &sec, NULL, to)) + /* Invalid time format */ + + if (day > 0 || sec > 0) + printf("Later\n"); + else if (day < 0 || sec < 0) + printf("Sooner\n"); + else + printf("Same\n"); + =head1 HISTORY The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. diff --git a/doc/man3/ASN1_generate_nconf.pod b/doc/man3/ASN1_generate_nconf.pod index bf29af6..df37167 100644 --- a/doc/man3/ASN1_generate_nconf.pod +++ b/doc/man3/ASN1_generate_nconf.pod @@ -162,6 +162,13 @@ bits are zero. =back +=head1 RETURN VALUES + +ASN1_generate_nconf() and ASN1_generate_v3() return the encoded +data as an B structure or B if an error occurred. + +The error codes that can be obtained by L. + =head1 EXAMPLES A simple IA5String: @@ -247,13 +254,6 @@ structure: e=INTEGER:0x010001 -=head1 RETURN VALUES - -ASN1_generate_nconf() and ASN1_generate_v3() return the encoded -data as an B structure or B if an error occurred. - -The error codes that can be obtained by L. - =head1 SEE ALSO L diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod index 454832e..2766c3d 100644 --- a/doc/man3/BIO_connect.pod +++ b/doc/man3/BIO_connect.pod @@ -95,19 +95,19 @@ B (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error. -=head1 HISTORY - -BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), -BIO_get_accept_socket() and BIO_accept() were deprecated in -OpenSSL 1.1.0. Use the functions described above instead. - =head1 SEE ALSO L +=head1 HISTORY + +BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), +BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. + =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index ce56db9..480b73c 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -36,6 +36,13 @@ The process of calling BIO_push() and BIO_pop() on a BIO may have additional consequences (a control call is made to the affected BIOs) any effects will be noted in the descriptions of individual BIOs. +=head1 RETURN VALUES + +BIO_push() returns the end of the chain, B. + +BIO_pop() returns the next BIO in the chain, or NULL if there is no next +BIO. + =head1 EXAMPLES For these examples suppose B and B are digest BIOs, B is @@ -62,13 +69,6 @@ by B and B. If the call: The call will return B and the new chain will be B data can be written to B as before. -=head1 RETURN VALUES - -BIO_push() returns the end of the chain, B. - -BIO_pop() returns the next BIO in the chain, or NULL if there is no next -BIO. - =head1 SEE ALSO L diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod index 23cdc9b..5419315 100644 --- a/doc/man3/BIO_s_file.pod +++ b/doc/man3/BIO_s_file.pod @@ -80,6 +80,24 @@ On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- lingual environment, encode file names in UTF-8. +=head1 RETURN VALUES + +BIO_s_file() returns the file BIO method. + +BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error +occurred. + +BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure +(although the current implementation never return 0). + +BIO_seek() returns the same value as the underlying fseek() function: +0 for success or -1 for failure. + +BIO_tell() returns the current file position. + +BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and +BIO_rw_filename() return 1 for success or 0 for failure. + =head1 EXAMPLES File BIO "hello world": @@ -122,24 +140,6 @@ Alternative technique: BIO_printf(out, "Hello World\n"); BIO_free(out); -=head1 RETURN VALUES - -BIO_s_file() returns the file BIO method. - -BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error -occurred. - -BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure -(although the current implementation never return 0). - -BIO_seek() returns the same value as the underlying fseek() function: -0 for success or -1 for failure. - -BIO_tell() returns the current file position. - -BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and -BIO_rw_filename() return 1 for success or 0 for failure. - =head1 BUGS BIO_reset() and BIO_seek() are implemented using fseek() on the underlying diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 90b50ff..d57348e 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -59,6 +59,15 @@ seeded with enough randomness to ensure an unpredictable byte sequence. The functions return 1 on success, 0 on error. The error codes can be obtained by L. +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + =head1 HISTORY =over 2 @@ -78,18 +87,9 @@ BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =back -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_security_bits.pod b/doc/man3/BN_security_bits.pod index f6e5857..acf5902 100644 --- a/doc/man3/BN_security_bits.pod +++ b/doc/man3/BN_security_bits.pod @@ -31,17 +31,17 @@ Number of security bits. ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() function. The symmetric algorithms are not covered neither. -=head1 HISTORY - -The BN_security_bits() function was added in OpenSSL 1.1.0. - =head1 SEE ALSO L, L, L +=head1 HISTORY + +The BN_security_bits() function was added in OpenSSL 1.1.0. + =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index 485cf79..04fbd60 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -67,6 +67,12 @@ Applications can use the CONF_modules_load() function if they wish to load a configuration file themselves and have finer control over how errors are treated. +=head1 RETURN VALUES + +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). + =head1 EXAMPLES Load a configuration file and print out any errors and exit (missing file @@ -122,12 +128,6 @@ Load and parse configuration file manually, custom error handling: NCONF_free(cnf); } -=head1 RETURN VALUES - -These functions return 1 for success and a zero or negative value for -failure. If module errors are not ignored the return code will reflect the -return value of the failing module (this will always be zero or negative). - =head1 SEE ALSO L, L diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod index 6e0394d..bd4bd97 100644 --- a/doc/man3/DES_random_key.pod +++ b/doc/man3/DES_random_key.pod @@ -296,6 +296,11 @@ last 4 bytes of the checksum of the input. DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - to a static buffer on success; otherwise they return NULL. +=head1 SEE ALSO + +L, +L + =head1 HISTORY The requirement that the B parameter to DES_crypt() and DES_fcrypt() @@ -304,14 +309,9 @@ OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B if both character were not present, and could crash when given non-ASCII on some platforms. -=head1 SEE ALSO - -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 352e068..a4d6721 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -114,13 +114,6 @@ is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. -=head1 EXAMPLES - -After loading an ECC key, it is possible to convert it to using SM2 -algorithms with EVP_PKEY_set_alias_type: - - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); - =head1 RETURN VALUES EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and @@ -141,6 +134,13 @@ EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. EVP_PKEY_set_alias_type() returns 1 for success and 0 for error. +=head1 EXAMPLES + +After loading an ECC key, it is possible to convert it to using SM2 +algorithms with EVP_PKEY_set_alias_type: + + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + =head1 SEE ALSO L diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index cbf889f..2c2e42f 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -130,6 +130,17 @@ These functions cannot return B because an B can represent both an internal, constant, OID and a dynamically-created one. The latter cannot be constant because it needs to be freed after use. +=head1 RETURN VALUES + +OBJ_nid2obj() returns an B structure or B is an +error occurred. + +OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B +on error. + +OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return +a NID or B on error. + =head1 EXAMPLES Create an object for B: @@ -159,17 +170,6 @@ Instead B must point to a valid buffer and B should be set to a positive value. A buffer length of 80 should be more than enough to handle any OID encountered in practice. -=head1 RETURN VALUES - -OBJ_nid2obj() returns an B structure or B is an -error occurred. - -OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B -on error. - -OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return -a NID or B on error. - =head1 SEE ALSO L diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 744a46f..7c381e8 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -298,71 +298,6 @@ arbitrary data to be passed to the callback by the application B return the number of characters in the passphrase or -1 if an error occurred. -=head1 EXAMPLES - -Although the PEM routines take several arguments in almost all applications -most of them are set to 0 or NULL. - -Read a certificate in PEM format from a BIO: - - X509 *x; - - x = PEM_read_bio_X509(bp, NULL, 0, NULL); - if (x == NULL) - /* Error */ - -Alternative method: - - X509 *x = NULL; - - if (!PEM_read_bio_X509(bp, &x, 0, NULL)) - /* Error */ - -Write a certificate to a BIO: - - if (!PEM_write_bio_X509(bp, x)) - /* Error */ - -Write a private key (using traditional format) to a BIO using -triple DES encryption, the pass phrase is prompted for: - - if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) - /* Error */ - -Write a private key (using PKCS#8 format) to a BIO using triple -DES encryption, using the pass phrase "hello": - - if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), - NULL, 0, 0, "hello")) - /* Error */ - -Read a private key from a BIO using a pass phrase callback: - - key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); - if (key == NULL) - /* Error */ - -Skeleton pass phrase callback: - - int pass_cb(char *buf, int size, int rwflag, void *u) - { - - /* We'd probably do something else if 'rwflag' is 1 */ - printf("Enter pass phrase for \"%s\"\n", (char *)u); - - /* get pass phrase, length 'len' into 'tmp' */ - char *tmp = "hello"; - if (tmp == NULL) /* An error occurred */ - return -1; - - size_t len = strlen(tmp); - - if (len > size) - len = size; - memcpy(buf, tmp, len); - return len; - } - =head1 NOTES The old B write routines are retained for compatibility. @@ -460,20 +395,85 @@ if an error occurred. The write routines return 1 for success or 0 for failure. -=head1 HISTORY +=head1 EXAMPLES -The old Netscape certificate sequences were no longer documented -in OpenSSL 1.1.0; applications should use the PKCS7 standard instead -as they will be formally deprecated in a future releases. +Although the PEM routines take several arguments in almost all applications +most of them are set to 0 or NULL. + +Read a certificate in PEM format from a BIO: + + X509 *x; + + x = PEM_read_bio_X509(bp, NULL, 0, NULL); + if (x == NULL) + /* Error */ + +Alternative method: + + X509 *x = NULL; + + if (!PEM_read_bio_X509(bp, &x, 0, NULL)) + /* Error */ + +Write a certificate to a BIO: + + if (!PEM_write_bio_X509(bp, x)) + /* Error */ + +Write a private key (using traditional format) to a BIO using +triple DES encryption, the pass phrase is prompted for: + + if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) + /* Error */ + +Write a private key (using PKCS#8 format) to a BIO using triple +DES encryption, using the pass phrase "hello": + + if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), + NULL, 0, 0, "hello")) + /* Error */ + +Read a private key from a BIO using a pass phrase callback: + + key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); + if (key == NULL) + /* Error */ + +Skeleton pass phrase callback: + + int pass_cb(char *buf, int size, int rwflag, void *u) + { + + /* We'd probably do something else if 'rwflag' is 1 */ + printf("Enter pass phrase for \"%s\"\n", (char *)u); + + /* get pass phrase, length 'len' into 'tmp' */ + char *tmp = "hello"; + if (tmp == NULL) /* An error occurred */ + return -1; + + size_t len = strlen(tmp); + + if (len > size) + len = size; + memcpy(buf, tmp, len); + return len; + } =head1 SEE ALSO L, L, L +=head1 HISTORY + +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the PKCS7 standard instead +as they will be formally deprecated in a future releases. + =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_generate.pod b/doc/man3/RAND_DRBG_generate.pod index b39ee93..bee2d6c 100644 --- a/doc/man3/RAND_DRBG_generate.pod +++ b/doc/man3/RAND_DRBG_generate.pod @@ -65,10 +65,6 @@ Since the default DRBG implementation does not have access to such an approved entropy source, a request for prediction resistance will always fail. In other words, prediction resistance is currently not supported yet by the DRBG. -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -76,9 +72,13 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_get0_master.pod b/doc/man3/RAND_DRBG_get0_master.pod index c958bf2..55d1eab 100644 --- a/doc/man3/RAND_DRBG_get0_master.pod +++ b/doc/man3/RAND_DRBG_get0_master.pod @@ -53,11 +53,6 @@ During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely. - -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -68,9 +63,13 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod index dcd7a94..5da91be 100644 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod @@ -104,10 +104,6 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -115,9 +111,13 @@ L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod index a0a4e56..3610c13 100644 --- a/doc/man3/RAND_DRBG_reseed.pod +++ b/doc/man3/RAND_DRBG_reseed.pod @@ -93,10 +93,6 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, @@ -104,9 +100,13 @@ L, L. L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod index a927d6a..3da051e 100644 --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -124,20 +124,19 @@ In this case the DRBG will automatically request an extra amount of entropy utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], section 8.6.7. - -=head1 HISTORY - -The RAND_DRBG functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, L +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index b6753fd..4ba6ff9 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -80,11 +80,6 @@ RAND_event() returns RAND_status(). The other functions do not return values. -=head1 HISTORY - -RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should -not be used. - =head1 SEE ALSO L, @@ -92,9 +87,14 @@ L, L, L +=head1 HISTORY + +RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should +not be used. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index f257e05..e2265d1 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -43,6 +43,15 @@ return 1 on success, -1 if not supported by the current RAND method, or 0 on other failure. The error code can be obtained by L. +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + =head1 HISTORY =over 2 @@ -57,18 +66,9 @@ The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =back -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 3859ce3..e518753 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -23,18 +23,18 @@ L. RAND_cleanup() returns no value. +=head1 SEE ALSO + +L + =head1 HISTORY RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. See L -=head1 SEE ALSO - -L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 8800bbd..26edae3 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -180,6 +180,11 @@ SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific I SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS protocol-specific ID. +=head1 SEE ALSO + +L, L, +L, L + =head1 HISTORY The SSL_CIPHER_get_version() function was updated to always return the @@ -196,14 +201,9 @@ required to enable this function. The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L, -L, L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index a74e728..7f2449e 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -594,6 +594,23 @@ checking or translation of the command value. For example if the return value is B an application could translate a relative pathname to an absolute pathname. +=head1 RETURN VALUES + +SSL_CONF_cmd() returns 1 if the value of B is recognised and B is +B used and 2 if both B and B are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. + +A return value of -2 means B is not recognised. + +A return value of -3 means B is recognised and the command requires a +value but B is NULL. + +A return code of 0 indicates that both B and B are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of B in this case the error queue may provide +additional information. + =head1 EXAMPLES Set supported signature algorithms: @@ -640,23 +657,6 @@ Set supported curves to P-256, P-384: SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); -=head1 RETURN VALUES - -SSL_CONF_cmd() returns 1 if the value of B is recognised and B is -B used and 2 if both B and B are used. In other words it -returns the number of arguments processed. This is useful when processing -command lines. - -A return value of -2 means B is not recognised. - -A return value of -3 means B is recognised and the command requires a -value but B is NULL. - -A return code of 0 indicates that both B and B are valid but an -error occurred attempting to perform the operation: for example due to an -error in the syntax of B in this case the error queue may provide -additional information. - =head1 SEE ALSO L, diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index a96aafe..e2637d2 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -100,23 +100,6 @@ with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones. -=head1 EXAMPLES - -Generate a CA certificate file with descriptive text from the CA certificates -ca1.pem ca2.pem ca3.pem: - - #!/bin/sh - rm CAfile.pem - for i in ca1.pem ca2.pem ca3.pem ; do - openssl x509 -in $i -text >> CAfile.pem - done - -Prepare the directory /some/where/certs containing several CA certificates -for use as B: - - cd /some/where/certs - c_rehash . - =head1 RETURN VALUES For SSL_CTX_load_verify_locations the following return values can occur: @@ -139,6 +122,23 @@ SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A missing default location is still treated as a success. +=head1 EXAMPLES + +Generate a CA certificate file with descriptive text from the CA certificates +ca1.pem ca2.pem ca3.pem: + + #!/bin/sh + rm CAfile.pem + for i in ca1.pem ca2.pem ca3.pem ; do + openssl x509 -in $i -text >> CAfile.pem + done + +Prepare the directory /some/where/certs containing several CA certificates +for use as B: + + cd /some/where/certs + c_rehash . + =head1 SEE ALSO L, diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod index d078341..df25a6f 100644 --- a/doc/man3/SSL_CTX_new.pod +++ b/doc/man3/SSL_CTX_new.pod @@ -190,6 +190,11 @@ SSL_CTX_up_ref() returns 1 for success and 0 for failure. =back +=head1 SEE ALSO + +L, L, L, +L, L, L + =head1 HISTORY Support for SSLv2 and the corresponding SSLv2_method(), @@ -198,18 +203,13 @@ removed in OpenSSL 1.1.0. SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were deprecated and the preferred TLS_method(), TLS_server_method() -and TLS_client_method() functions were introduced in OpenSSL 1.1.0. +and TLS_client_method() functions were added in OpenSSL 1.1.0. All version-specific methods were deprecated in OpenSSL 1.1.0. -=head1 SEE ALSO - -L, L, L, -L, L, L - =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod index 93d5320..335ad33 100644 --- a/doc/man3/SSL_CTX_set1_sigalgs.pod +++ b/doc/man3/SSL_CTX_set1_sigalgs.pod @@ -83,6 +83,10 @@ be used with the B<_list> forms of the API. The use of MD5 as a digest is strongly discouraged due to security weaknesses. +=head1 RETURN VALUES + +All these functions return 1 for success and 0 for failure. + =head1 EXAMPLES Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA @@ -97,10 +101,6 @@ using a string: SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); -=head1 RETURN VALUES - -All these functions return 1 for success and 0 for failure. - =head1 SEE ALSO L, L, diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod index 999a70c..991ce7a 100644 --- a/doc/man3/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/man3/SSL_CTX_set_default_passwd_cb.pod @@ -90,20 +90,20 @@ truncated. return strlen(buf); } +=head1 SEE ALSO + +L, +L + =head1 HISTORY SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were added in OpenSSL 1.1.0. -=head1 SEE ALSO - -L, -L - =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod index 2bee351..9242af6 100644 --- a/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -82,6 +82,14 @@ and the same race condition applies. The callback must return 0 if it cannot generate a session id for whatever reason and return 1 on success. +=head1 RETURN VALUES + +SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() +always return 1. + +SSL_has_matching_session_id() returns 1 if another session with the +same id is already in the cache. + =head1 EXAMPLES The callback function listed will generate a session id with the @@ -114,14 +122,6 @@ server id given, and will fill the rest with pseudo random bytes: } -=head1 RETURN VALUES - -SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() -always return 1. - -SSL_has_matching_session_id() returns 1 if another session with the -same id is already in the cache. - =head1 SEE ALSO L, L diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod index 4586658..7dfbfec 100644 --- a/doc/man3/SSL_CTX_set_min_proto_version.pod +++ b/doc/man3/SSL_CTX_set_min_proto_version.pod @@ -52,18 +52,18 @@ lowest or highest protocol, respectively. All these functions are implemented using macros. +=head1 SEE ALSO + +L, L + =head1 HISTORY The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L - =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index 877b4ae..d63ca41 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -162,6 +162,10 @@ SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() all these functions are implemented using macros. +=head1 SEE ALSO + +L, L + =head1 HISTORY The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), @@ -172,13 +176,9 @@ functions were added in OpenSSL 1.1.0. The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. -=head1 SEE ALSO - -L, L - =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 7a4bb34..9ef0bff 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -121,6 +121,10 @@ For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys. +=head1 RETURN VALUES + +returns 0 to indicate the callback function was set. + =head1 EXAMPLES Reference Implementation: @@ -175,10 +179,6 @@ Reference Implementation: } } -=head1 RETURN VALUES - -returns 0 to indicate the callback function was set. - =head1 SEE ALSO L, L, diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index a2ac1c0..521d8b4 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -81,6 +81,14 @@ are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use the callback but ignore B and B and simply supply at least 2048-bit parameters in the callback. +=head1 RETURN VALUES + +SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return +diagnostic output. + +SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. + =head1 EXAMPLES Setup DH parameters with a key length of 2048 bits. (Error handling @@ -109,14 +117,6 @@ Code for setting up parameters during server initialization: /* Error. */ ... -=head1 RETURN VALUES - -SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return -diagnostic output. - -SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. - =head1 SEE ALSO L, L, diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index 412b1a0..4372f9f 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -23,21 +23,6 @@ the specific usage as support function for L, it is not limited to CA certificates. -=head1 EXAMPLES - -Load names of CAs from file and use it as a client CA list: - - SSL_CTX *ctx; - STACK_OF(X509_NAME) *cert_names; - - ... - cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); - if (cert_names != NULL) - SSL_CTX_set_client_CA_list(ctx, cert_names); - else - /* error */ - ... - =head1 RETURN VALUES The following return values can occur: @@ -54,6 +39,21 @@ Pointer to the subject names of the successfully read certificates. =back +=head1 EXAMPLES + +Load names of CAs from file and use it as a client CA list: + + SSL_CTX *ctx; + STACK_OF(X509_NAME) *cert_names; + + ... + cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); + if (cert_names != NULL) + SSL_CTX_set_client_CA_list(ctx, cert_names); + else + /* error */ + ... + =head1 SEE ALSO L, diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index 1410a02..4da7ad1 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -126,10 +126,6 @@ You should instead call SSL_get_error() to find out if it's retryable. =back -=head1 HISTORY - -The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, @@ -140,9 +136,13 @@ L, L, L, L, L +=head1 HISTORY + +The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 3956f1d..84eb948 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -104,10 +104,6 @@ You should instead call SSL_get_error() to find out if it's retryable. =back -=head1 HISTORY - -The SSL_write_ex() function was added in OpenSSL 1.1.1. - =head1 SEE ALSO L, L, L @@ -116,9 +112,13 @@ L, L L, L, L +=head1 HISTORY + +The SSL_write_ex() function was added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_NAME_add_entry_by_txt.pod b/doc/man3/X509_NAME_add_entry_by_txt.pod index b48f090..f6f61aa 100644 --- a/doc/man3/X509_NAME_add_entry_by_txt.pod +++ b/doc/man3/X509_NAME_add_entry_by_txt.pod @@ -74,6 +74,15 @@ structure respectively. This will then be a multivalued RDN: since multivalues RDNs are very seldom used B is almost always set to zero. +=head1 RETURN VALUES + +X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), +X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for +success of 0 if an error occurred. + +X509_NAME_delete_entry() returns either the deleted B +structure of B if an error occurred. + =head1 EXAMPLES Create an B structure: @@ -95,15 +104,6 @@ Create an B structure: "Joe Bloggs", -1, -1, 0)) /* Error */ -=head1 RETURN VALUES - -X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), -X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for -success of 0 if an error occurred. - -X509_NAME_delete_entry() returns either the deleted B -structure of B if an error occurred. - =head1 BUGS B can still be set to B to use a diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod index 5621806..0012276 100644 --- a/doc/man3/X509_NAME_get_index_by_NID.pod +++ b/doc/man3/X509_NAME_get_index_by_NID.pod @@ -69,6 +69,18 @@ Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() should check for the return value of -2. Alternatively the NID validity can be determined first by checking OBJ_nid2obj(nid) is not NULL. +=head1 RETURN VALUES + +X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() +return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. + +X509_NAME_entry_count() returns the total number of entries. + +X509_NAME_get_entry() returns an B pointer to the +requested entry or B if the index is invalid. + =head1 EXAMPLES Process all entries: @@ -94,18 +106,6 @@ Process all commonName entries: /* Do something with e */ } -=head1 RETURN VALUES - -X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() -return the index of the next matching entry or -1 if not found. -X509_NAME_get_index_by_NID() can also return -2 if the supplied -NID is invalid. - -X509_NAME_entry_count() returns the total number of entries. - -X509_NAME_get_entry() returns an B pointer to the -requested entry or B if the index is invalid. - =head1 SEE ALSO L, L diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 7c4a499..807f9d3 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -48,14 +48,6 @@ and X509_CRL_get_issuer() return an B pointer. X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. -=head1 HISTORY - -X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in -earlier versions. - -X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously -added in OpenSSL 1.0.0 as a macro. - =head1 SEE ALSO L, @@ -74,9 +66,17 @@ L, L, L +=head1 HISTORY + +X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in +earlier versions. + +X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. + =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 71985a4..04688a1 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -496,6 +496,19 @@ Represents the B structure defined in PKCS#1 and PKCS#7. =back +=head1 RETURN VALUES + +d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B structure +or B if an error occurs. If the "reuse" capability has been used with +a valid structure being passed in via B, then the object is not freed in +the event of error but may be in a potentially invalid or inconsistent state. + +i2d_TYPE() returns the number of bytes successfully encoded or a negative +value if an error occurs. + +i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error +occurs. + =head1 EXAMPLES Allocate and encode the DER encoding of an X509 structure: @@ -586,19 +599,6 @@ structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons. -=head1 RETURN VALUES - -d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B structure -or B if an error occurs. If the "reuse" capability has been used with -a valid structure being passed in via B, then the object is not freed in -the event of error but may be in a potentially invalid or inconsistent state. - -i2d_TYPE() returns the number of bytes successfully encoded or a negative -value if an error occurs. - -i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error -occurs. - =head1 COPYRIGHT Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/util/find-doc-nits b/util/find-doc-nits index 860bb99..7340782 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -137,6 +137,20 @@ sub name_synopsis() } } +# Check if SECTION is located before BEFORE +sub check_section_location() +{ + my $filename = shift; + my $contents = shift; + my $section = shift; + my $before = shift; + + return unless $contents =~ /=head1 $section/ + and $contents =~ /=head1 $before/; + print "$filename: $section should be placed before $before section\n" + if $contents =~ /=head1 $before.*=head1 $section/ms; +} + sub check() { my $filename = shift; @@ -150,6 +164,13 @@ sub check() close POD; } + # Check if EXAMPLES is located after RETURN VALUES section. + &check_section_location($filename, $contents, "RETURN VALUES", "EXAMPLES") if $filename =~ m|man3/|; + # Check if HISTORY is located after SEE ALSO + &check_section_location($filename, $contents, "SEE ALSO", "HISTORY") if $filename =~ m|man3/|; + # Check if SEE ALSO is located after EXAMPLES + &check_section_location($filename, $contents, "EXAMPLES", "SEE ALSO") if $filename =~ m|man3/|; + my $id = "${filename}:1:"; &name_synopsis($id, $filename, $contents) From builds at travis-ci.org Mon Apr 15 10:51:02 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Apr 2019 10:51:02 +0000 Subject: Still Failing: openssl/openssl#24758 (OpenSSL_1_1_1-stable - 1ced49f) In-Reply-To: Message-ID: <5cb46216348b4_43fcad2cb2578165422@0affd951-8e9d-43b8-a01a-2b25913c872a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24758 Status: Still Failing Duration: 17 mins and 33 secs Commit: 1ced49f (OpenSSL_1_1_1-stable) Author: Joshua Lock Message: Further harmonisation of manual page HISTORY sections A couple of minor tweaks to match the style introduced in #7854: - BIO_connect: remove line break to make more grep friendly - SSL_CTX_new: harmoise the format of the HISTORY section Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (cherry picked from commit 938e82f622eb04ebbfe534c79d234d0f6a0df035) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8736) View the changeset: https://github.com/openssl/openssl/compare/e861d659c0b2...1ced49fbb742 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520224699?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Apr 15 14:48:20 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 15 Apr 2019 14:48:20 +0000 Subject: [openssl] master update Message-ID: <1555339700.384361.27587.nullmailer@dev.openssl.org> The branch master has been updated via 72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 (commit) from f2dbb71cb6bf6cd570f96e7663a22dd87854f08b (commit) - Log ----------------------------------------------------------------- commit 72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 Author: Richard Levitte Date: Mon Apr 15 10:40:18 2019 +0200 Don't use '-z defs' with Clang's sanitizers The clang documentation in all sanitizers we currently use says this: When linking shared libraries, the {flavor}Sanitizer run-time is not linked, so -Wl,-z,defs may cause link errors (don?t use it with {flavor}Sanitizer) (in our case, {flavor} is one of Address, Memory, or UndefinedBehavior) Therefore, we turn off that particular flag specifically when using the sanitizers. Fixes #8735 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8749) ----------------------------------------------------------------------- Summary of changes: Configurations/shared-info.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index f821ad7..83f28bd 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -32,7 +32,10 @@ my %shared_info; return { %{$shared_info{'gnu-shared'}}, shared_defflag => '-Wl,--version-script=', - dso_ldflags => '-z defs', + dso_ldflags => + $disabled{asan} && $disabled{msan} && $disabled{ubsan} + ? '-z defs' + : '', }; }, 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, From builds at travis-ci.org Mon Apr 15 15:09:49 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Apr 2019 15:09:49 +0000 Subject: Still Failing: openssl/openssl#24760 (master - 72eb100) In-Reply-To: Message-ID: <5cb49ebcd57b9_43fe577253a2c139171@b2356dca-0bf3-4a1b-9104-1c932af4f8fb.mail> Build Update for openssl/openssl ------------------------------------- Build: #24760 Status: Still Failing Duration: 20 mins and 44 secs Commit: 72eb100 (master) Author: Richard Levitte Message: Don't use '-z defs' with Clang's sanitizers The clang documentation in all sanitizers we currently use says this: When linking shared libraries, the {flavor}Sanitizer run-time is not linked, so -Wl,-z,defs may cause link errors (don?t use it with {flavor}Sanitizer) (in our case, {flavor} is one of Address, Memory, or UndefinedBehavior) Therefore, we turn off that particular flag specifically when using the sanitizers. Fixes #8735 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8749) View the changeset: https://github.com/openssl/openssl/compare/f2dbb71cb6bf...72eb100f8a38 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520332906?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 15 16:15:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Apr 2019 16:15:00 +0000 Subject: Build failed: openssl master.24166 Message-ID: <20190415161500.1.F489CCF5A6722B0A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 15 16:44:22 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 15 Apr 2019 16:44:22 +0000 Subject: Build completed: openssl master.24167 Message-ID: <20190415164422.1.60E52C32640DE028@appveyor.com> An HTML attachment was scrubbed... URL: From kurt at openssl.org Mon Apr 15 20:38:48 2019 From: kurt at openssl.org (Kurt Roeckx) Date: Mon, 15 Apr 2019 20:38:48 +0000 Subject: [openssl] master update Message-ID: <1555360728.583930.9756.nullmailer@dev.openssl.org> The branch master has been updated via 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 (commit) from 72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 (commit) - Log ----------------------------------------------------------------- commit 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 Author: Kurt Roeckx Date: Sat Apr 13 14:04:35 2019 +0200 Call RSA generation callback at the correct time. The callback should be called with 1 when a Miller-Rabin round marked the candidate as probably prime. Reviewed-by: Bernd Edlinger GH: #8742 ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_prime.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 2c9f89d..03402c2 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -329,8 +329,6 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, if (BN_is_one(z)) goto composite; } - if (!BN_GENCB_call(cb, 1, i)) - goto err; /* At this point z = b^((w-1)/2) mod w */ /* (Steps 4.8 - 4.9) x = z, z = x^2 mod w */ if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx)) @@ -358,6 +356,8 @@ composite: goto err; outer_loop: ; /* (Step 4.1.5) */ + if (!BN_GENCB_call(cb, 1, i)) + goto err; } /* (Step 5) */ *status = BN_PRIMETEST_PROBABLY_PRIME; From builds at travis-ci.org Mon Apr 15 20:57:50 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 15 Apr 2019 20:57:50 +0000 Subject: Still Failing: openssl/openssl#24767 (master - 3e3dcf9) In-Reply-To: Message-ID: <5cb4f04eb7ffa_43fe1b06b37b82410f3@fb1fbf7d-3ec7-45a7-bfe8-ab06ab78574d.mail> Build Update for openssl/openssl ------------------------------------- Build: #24767 Status: Still Failing Duration: 18 mins and 22 secs Commit: 3e3dcf9 (master) Author: Kurt Roeckx Message: Call RSA generation callback at the correct time. The callback should be called with 1 when a Miller-Rabin round marked the candidate as probably prime. Reviewed-by: Bernd Edlinger GH: #8742 View the changeset: https://github.com/openssl/openssl/compare/72eb100f8a38...3e3dcf9ab8a2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520471077?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 15 22:45:42 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Apr 2019 22:45:42 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1555368342.826832.19415.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 3e3dcf9ab8 Call RSA generation callback at the correct time. 72eb100f8a Don't use '-z defs' with Clang's sanitizers f2dbb71cb6 providers/common/digests/sha2.c: forward declare all dispatched functions 0ad50b4dee Providers: for the digest_final operation, pass a output buffer size From openssl at openssl.org Tue Apr 16 01:44:12 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Apr 2019 01:44:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555379052.023572.8296.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 3e3dcf9ab8 Call RSA generation callback at the correct time. 72eb100f8a Don't use '-z defs' with Clang's sanitizers f2dbb71cb6 providers/common/digests/sha2.c: forward declare all dispatched functions 0ad50b4dee Providers: for the digest_final operation, pass a output buffer size Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue Apr 16 05:44:46 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Apr 2019 05:44:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555393486.365001.21235.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 3e3dcf9ab8 Call RSA generation callback at the correct time. 72eb100f8a Don't use '-z defs' with Clang's sanitizers f2dbb71cb6 providers/common/digests/sha2.c: forward declare all dispatched functions 0ad50b4dee Providers: for the digest_final operation, pass a output buffer size Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:40: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Tue Apr 16 10:00:31 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 16 Apr 2019 10:00:31 +0000 Subject: [openssl] master update Message-ID: <1555408831.916678.14491.nullmailer@dev.openssl.org> The branch master has been updated via 06add280d90de9625e9c18985f376ef8d0419a46 (commit) via 3d42833d389134b7b05b655c264e4dba5a2179e9 (commit) via d34bce03acc53c583df954bbed65d4800751563a (commit) via c9dc22bc3d7f2df670dff66f04935e540e1b931a (commit) via b238fb79709a180ba9b4d837101c9f75e2978dc0 (commit) from 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 (commit) - Log ----------------------------------------------------------------- commit 06add280d90de9625e9c18985f376ef8d0419a46 Author: Tomas Mraz Date: Thu Apr 4 09:49:36 2019 +0200 Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) commit 3d42833d389134b7b05b655c264e4dba5a2179e9 Author: Tomas Mraz Date: Thu Apr 4 09:48:47 2019 +0200 Add documentation for the BIO_s_mem pecularities Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) commit d34bce03acc53c583df954bbed65d4800751563a Author: Tomas Mraz Date: Wed Apr 3 19:07:00 2019 +0200 Add testing of RDONLY memory BIOs Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) commit c9dc22bc3d7f2df670dff66f04935e540e1b931a Author: Bernd Edlinger Date: Fri Mar 1 01:55:38 2019 +0100 Add test for the BIO_get_mem_ptr() regression Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) commit b238fb79709a180ba9b4d837101c9f75e2978dc0 Author: Tomas Mraz Date: Wed Apr 3 12:31:32 2019 +0200 Fix for BIO_get_mem_ptr and related regressions Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 41 +++++++++---- doc/man3/BIO_s_mem.pod | 16 +++++ test/bio_memleak_test.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 197 insertions(+), 18 deletions(-) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 89c54b2..a7f2bfb 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -57,7 +57,12 @@ static const BIO_METHOD secmem_method = { NULL, /* mem_callback_ctrl */ }; -/* BIO memory stores buffer and read pointer */ +/* + * BIO memory stores buffer and read pointer + * however the roles are different for read only BIOs. + * In that case the readp just stores the original state + * to be used for reset. + */ typedef struct bio_buf_mem_st { struct buf_mem_st *buf; /* allocated buffer */ struct buf_mem_st *readp; /* read pointer */ @@ -192,11 +197,14 @@ static int mem_read(BIO *b, char *out, int outl) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; BUF_MEM *bm = bbm->readp; + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; BIO_clear_retry_flags(b); ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl; if ((out != NULL) && (ret > 0)) { memcpy(out, bm->data, ret); bm->length -= ret; + bm->max -= ret; bm->data += ret; } else if (bm->length == 0) { ret = b->num; @@ -241,29 +249,36 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; BUF_MEM *bm; + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; + else + bm = bbm->readp; + switch (cmd) { case BIO_CTRL_RESET: bm = bbm->buf; if (bm->data != NULL) { - /* For read only case reset to the start again */ - if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) { - bm->length = bm->max; + if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) { + if (b->flags & BIO_FLAGS_NONCLEAR_RST) { + bm->length = bm->max; + } else { + memset(bm->data, 0, bm->max); + bm->length = 0; + } + *bbm->readp = *bbm->buf; } else { - memset(bm->data, 0, bm->max); - bm->length = 0; + /* For read only case just reset to the start again */ + *bbm->buf = *bbm->readp; } - *bbm->readp = *bbm->buf; } break; case BIO_CTRL_EOF: - bm = bbm->readp; ret = (long)(bm->length == 0); break; case BIO_C_SET_BUF_MEM_EOF_RETURN: b->num = (int)num; break; case BIO_CTRL_INFO: - bm = bbm->readp; ret = (long)bm->length; if (ptr != NULL) { pptr = (char **)ptr; @@ -278,8 +293,9 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - mem_buf_sync(b); - bm = bbm->readp; + if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) + mem_buf_sync(b); + bm = bbm->buf; pptr = (char **)ptr; *pptr = (char *)bm; } @@ -294,7 +310,6 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0L; break; case BIO_CTRL_PENDING: - bm = bbm->readp; ret = (long)bm->length; break; case BIO_CTRL_DUP: @@ -318,6 +333,8 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr; BUF_MEM *bm = bbm->readp; + if (bp->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; BIO_clear_retry_flags(bp); j = bm->length; if ((size - 1) < j) diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index bd0824a..6d9e747 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -88,6 +88,22 @@ a buffering BIO to the chain will speed up the process. Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will give undefined results, including perhaps a program crash. +Switching the memory BIO from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after BIO creation and set the BIO as read only. + +The other supported sequence is to start with read write BIO then temporarily +switch it to read only and call BIO_reset() on the read only BIO immediately +before switching it back to read write. Before the BIO is freed it must be +switched back to the read write mode. + +Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that +contains only the remaining data to be read. If the close status of the +BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer +in it must be set to NULL as the data pointer does not point to an +allocated memory. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c index 36680e3..fab5ce7 100644 --- a/test/bio_memleak_test.c +++ b/test/bio_memleak_test.c @@ -18,28 +18,170 @@ static int test_bio_memleak(void) int ok = 0; BIO *bio; BUF_MEM bufmem; - const char *str = "BIO test\n"; + static const char str[] = "BIO test\n"; char buf[100]; bio = BIO_new(BIO_s_mem()); - if (bio == NULL) + if (!TEST_ptr(bio)) goto finish; - bufmem.length = strlen(str) + 1; + bufmem.length = sizeof(str); bufmem.data = (char *) str; bufmem.max = bufmem.length; BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE); BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_read(bio, buf, sizeof(buf)), sizeof(str))) + goto finish; + if (!TEST_mem_eq(buf, sizeof(str), str, sizeof(str))) + goto finish; + ok = 1; - if (BIO_read(bio, buf, sizeof(buf)) <= 0) - goto finish; +finish: + BIO_free(bio); + return ok; +} - ok = strcmp(buf, str) == 0; +static int test_bio_get_mem(void) +{ + int ok = 0; + BIO *bio = NULL; + BUF_MEM *bufmem = NULL; + + bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12)) + goto finish; + BIO_get_mem_ptr(bio, &bufmem); + if (!TEST_ptr(bufmem)) + goto finish; + if (!TEST_int_gt(BIO_set_close(bio, BIO_NOCLOSE), 0)) + goto finish; + BIO_free(bio); + bio = NULL; + if (!TEST_mem_eq(bufmem->data, bufmem->length, "Hello World\n", 12)) + goto finish; + ok = 1; finish: BIO_free(bio); + BUF_MEM_free(bufmem); return ok; } +static int test_bio_new_mem_buf(void) +{ + int ok = 0; + BIO *bio; + BUF_MEM *bufmem; + char data[16]; + + bio = BIO_new_mem_buf("Hello World\n", 12); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 5), 5)) + goto finish; + if (!TEST_mem_eq(data, 5, "Hello", 5)) + goto finish; + if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0)) + goto finish; + if (!TEST_int_lt(BIO_write(bio, "test", 4), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 12)) + goto finish; + if (!TEST_mem_eq(data, 12, "Hello World\n", 12)) + goto finish; + ok = 1; + +finish: + BIO_free(bio); + return ok; +} + +static int test_bio_rdonly_mem_buf(void) +{ + int ok = 0; + BIO *bio, *bio2 = NULL; + BUF_MEM *bufmem; + char data[16]; + + bio = BIO_new_mem_buf("Hello World\n", 12); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 5), 5)) + goto finish; + if (!TEST_mem_eq(data, 5, "Hello", 5)) + goto finish; + if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0)) + goto finish; + (void)BIO_set_close(bio, BIO_NOCLOSE); + + bio2 = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio2)) + goto finish; + BIO_set_mem_buf(bio2, bufmem, BIO_CLOSE); + BIO_set_flags(bio2, BIO_FLAGS_MEM_RDONLY); + + if (!TEST_int_eq(BIO_read(bio2, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio2), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio2, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + ok = 1; + +finish: + BIO_free(bio); + BIO_free(bio2); + return ok; +} + +static int test_bio_rdwr_rdonly(void) +{ + int ok = 0; + BIO *bio = NULL; + char data[16]; + + bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12)) + goto finish; + + BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_read(bio, data, 16), 12)) + goto finish; + if (!TEST_mem_eq(data, 12, "Hello World\n", 12)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio), 0)) + goto finish; + + BIO_clear_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_puts(bio, "Hi!\n"), 4)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 16)) + goto finish; + + if (!TEST_mem_eq(data, 16, "Hello World\nHi!\n", 16)) + goto finish; + + ok = 1; + +finish: + BIO_free(bio); + return ok; +} + + int global_init(void) { CRYPTO_set_mem_debug(1); @@ -50,5 +192,9 @@ int global_init(void) int setup_tests(void) { ADD_TEST(test_bio_memleak); + ADD_TEST(test_bio_get_mem); + ADD_TEST(test_bio_new_mem_buf); + ADD_TEST(test_bio_rdonly_mem_buf); + ADD_TEST(test_bio_rdwr_rdonly); return 1; } From matt at openssl.org Tue Apr 16 10:00:45 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 16 Apr 2019 10:00:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555408845.214952.15492.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2456ae5763dc4b036b3b4cdb9b98de5d46dd221f (commit) via 693f98aae8a33f2e0f91264ca7383438bae93d47 (commit) via 4912bf74280caa7aec5b206e29b103d594075123 (commit) via 27a11cd60270091f38e432aca5d46744ee66503d (commit) via 43bb4dec99f4bed1ec20836c79967ea790594fce (commit) from 1ced49fbb7428994b137248d52f108d4045bb4a3 (commit) - Log ----------------------------------------------------------------- commit 2456ae5763dc4b036b3b4cdb9b98de5d46dd221f Author: Tomas Mraz Date: Thu Apr 4 09:49:36 2019 +0200 Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 06add280d90de9625e9c18985f376ef8d0419a46) commit 693f98aae8a33f2e0f91264ca7383438bae93d47 Author: Tomas Mraz Date: Thu Apr 4 09:48:47 2019 +0200 Add documentation for the BIO_s_mem pecularities Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 3d42833d389134b7b05b655c264e4dba5a2179e9) commit 4912bf74280caa7aec5b206e29b103d594075123 Author: Tomas Mraz Date: Wed Apr 3 19:07:00 2019 +0200 Add testing of RDONLY memory BIOs Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit d34bce03acc53c583df954bbed65d4800751563a) commit 27a11cd60270091f38e432aca5d46744ee66503d Author: Bernd Edlinger Date: Fri Mar 1 01:55:38 2019 +0100 Add test for the BIO_get_mem_ptr() regression Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit c9dc22bc3d7f2df670dff66f04935e540e1b931a) commit 43bb4dec99f4bed1ec20836c79967ea790594fce Author: Tomas Mraz Date: Wed Apr 3 12:31:32 2019 +0200 Fix for BIO_get_mem_ptr and related regressions Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit b238fb79709a180ba9b4d837101c9f75e2978dc0) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 41 +++++++++---- doc/man3/BIO_s_mem.pod | 16 +++++ test/bio_memleak_test.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 197 insertions(+), 18 deletions(-) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 10fcbf7..8c621d6 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -57,7 +57,12 @@ static const BIO_METHOD secmem_method = { NULL, /* mem_callback_ctrl */ }; -/* BIO memory stores buffer and read pointer */ +/* + * BIO memory stores buffer and read pointer + * however the roles are different for read only BIOs. + * In that case the readp just stores the original state + * to be used for reset. + */ typedef struct bio_buf_mem_st { struct buf_mem_st *buf; /* allocated buffer */ struct buf_mem_st *readp; /* read pointer */ @@ -192,11 +197,14 @@ static int mem_read(BIO *b, char *out, int outl) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; BUF_MEM *bm = bbm->readp; + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; BIO_clear_retry_flags(b); ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl; if ((out != NULL) && (ret > 0)) { memcpy(out, bm->data, ret); bm->length -= ret; + bm->max -= ret; bm->data += ret; } else if (bm->length == 0) { ret = b->num; @@ -241,29 +249,36 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; BUF_MEM *bm; + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; + else + bm = bbm->readp; + switch (cmd) { case BIO_CTRL_RESET: bm = bbm->buf; if (bm->data != NULL) { - /* For read only case reset to the start again */ - if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) { - bm->length = bm->max; + if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) { + if (b->flags & BIO_FLAGS_NONCLEAR_RST) { + bm->length = bm->max; + } else { + memset(bm->data, 0, bm->max); + bm->length = 0; + } + *bbm->readp = *bbm->buf; } else { - memset(bm->data, 0, bm->max); - bm->length = 0; + /* For read only case just reset to the start again */ + *bbm->buf = *bbm->readp; } - *bbm->readp = *bbm->buf; } break; case BIO_CTRL_EOF: - bm = bbm->readp; ret = (long)(bm->length == 0); break; case BIO_C_SET_BUF_MEM_EOF_RETURN: b->num = (int)num; break; case BIO_CTRL_INFO: - bm = bbm->readp; ret = (long)bm->length; if (ptr != NULL) { pptr = (char **)ptr; @@ -278,8 +293,9 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - mem_buf_sync(b); - bm = bbm->readp; + if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) + mem_buf_sync(b); + bm = bbm->buf; pptr = (char **)ptr; *pptr = (char *)bm; } @@ -294,7 +310,6 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0L; break; case BIO_CTRL_PENDING: - bm = bbm->readp; ret = (long)bm->length; break; case BIO_CTRL_DUP: @@ -318,6 +333,8 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr; BUF_MEM *bm = bbm->readp; + if (bp->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; BIO_clear_retry_flags(bp); j = bm->length; if ((size - 1) < j) diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index 050d778..250d12c 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -88,6 +88,22 @@ a buffering BIO to the chain will speed up the process. Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will give undefined results, including perhaps a program crash. +Switching the memory BIO from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after BIO creation and set the BIO as read only. + +The other supported sequence is to start with read write BIO then temporarily +switch it to read only and call BIO_reset() on the read only BIO immediately +before switching it back to read write. Before the BIO is freed it must be +switched back to the read write mode. + +Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that +contains only the remaining data to be read. If the close status of the +BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer +in it must be set to NULL as the data pointer does not point to an +allocated memory. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c index 21b46cb..9724148 100644 --- a/test/bio_memleak_test.c +++ b/test/bio_memleak_test.c @@ -18,28 +18,170 @@ static int test_bio_memleak(void) int ok = 0; BIO *bio; BUF_MEM bufmem; - const char *str = "BIO test\n"; + static const char str[] = "BIO test\n"; char buf[100]; bio = BIO_new(BIO_s_mem()); - if (bio == NULL) + if (!TEST_ptr(bio)) goto finish; - bufmem.length = strlen(str) + 1; + bufmem.length = sizeof(str); bufmem.data = (char *) str; bufmem.max = bufmem.length; BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE); BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_read(bio, buf, sizeof(buf)), sizeof(str))) + goto finish; + if (!TEST_mem_eq(buf, sizeof(str), str, sizeof(str))) + goto finish; + ok = 1; - if (BIO_read(bio, buf, sizeof(buf)) <= 0) - goto finish; +finish: + BIO_free(bio); + return ok; +} - ok = strcmp(buf, str) == 0; +static int test_bio_get_mem(void) +{ + int ok = 0; + BIO *bio = NULL; + BUF_MEM *bufmem = NULL; + + bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12)) + goto finish; + BIO_get_mem_ptr(bio, &bufmem); + if (!TEST_ptr(bufmem)) + goto finish; + if (!TEST_int_gt(BIO_set_close(bio, BIO_NOCLOSE), 0)) + goto finish; + BIO_free(bio); + bio = NULL; + if (!TEST_mem_eq(bufmem->data, bufmem->length, "Hello World\n", 12)) + goto finish; + ok = 1; finish: BIO_free(bio); + BUF_MEM_free(bufmem); return ok; } +static int test_bio_new_mem_buf(void) +{ + int ok = 0; + BIO *bio; + BUF_MEM *bufmem; + char data[16]; + + bio = BIO_new_mem_buf("Hello World\n", 12); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 5), 5)) + goto finish; + if (!TEST_mem_eq(data, 5, "Hello", 5)) + goto finish; + if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0)) + goto finish; + if (!TEST_int_lt(BIO_write(bio, "test", 4), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 12)) + goto finish; + if (!TEST_mem_eq(data, 12, "Hello World\n", 12)) + goto finish; + ok = 1; + +finish: + BIO_free(bio); + return ok; +} + +static int test_bio_rdonly_mem_buf(void) +{ + int ok = 0; + BIO *bio, *bio2 = NULL; + BUF_MEM *bufmem; + char data[16]; + + bio = BIO_new_mem_buf("Hello World\n", 12); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 5), 5)) + goto finish; + if (!TEST_mem_eq(data, 5, "Hello", 5)) + goto finish; + if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0)) + goto finish; + (void)BIO_set_close(bio, BIO_NOCLOSE); + + bio2 = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio2)) + goto finish; + BIO_set_mem_buf(bio2, bufmem, BIO_CLOSE); + BIO_set_flags(bio2, BIO_FLAGS_MEM_RDONLY); + + if (!TEST_int_eq(BIO_read(bio2, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio2), 0)) + goto finish; + if (!TEST_int_eq(BIO_read(bio2, data, 16), 7)) + goto finish; + if (!TEST_mem_eq(data, 7, " World\n", 7)) + goto finish; + ok = 1; + +finish: + BIO_free(bio); + BIO_free(bio2); + return ok; +} + +static int test_bio_rdwr_rdonly(void) +{ + int ok = 0; + BIO *bio = NULL; + char data[16]; + + bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio)) + goto finish; + if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12)) + goto finish; + + BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_read(bio, data, 16), 12)) + goto finish; + if (!TEST_mem_eq(data, 12, "Hello World\n", 12)) + goto finish; + if (!TEST_int_gt(BIO_reset(bio), 0)) + goto finish; + + BIO_clear_flags(bio, BIO_FLAGS_MEM_RDONLY); + if (!TEST_int_eq(BIO_puts(bio, "Hi!\n"), 4)) + goto finish; + if (!TEST_int_eq(BIO_read(bio, data, 16), 16)) + goto finish; + + if (!TEST_mem_eq(data, 16, "Hello World\nHi!\n", 16)) + goto finish; + + ok = 1; + +finish: + BIO_free(bio); + return ok; +} + + int global_init(void) { CRYPTO_set_mem_debug(1); @@ -50,5 +192,9 @@ int global_init(void) int setup_tests(void) { ADD_TEST(test_bio_memleak); + ADD_TEST(test_bio_get_mem); + ADD_TEST(test_bio_new_mem_buf); + ADD_TEST(test_bio_rdonly_mem_buf); + ADD_TEST(test_bio_rdwr_rdonly); return 1; } From builds at travis-ci.org Tue Apr 16 10:21:47 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Apr 2019 10:21:47 +0000 Subject: Still Failing: openssl/openssl#24772 (master - 06add28) In-Reply-To: Message-ID: <5cb5acbb39053_43fd0c0c56fcc10344f@72eb6428-25c2-4bdc-bbda-37cab1263c8f.mail> Build Update for openssl/openssl ------------------------------------- Build: #24772 Status: Still Failing Duration: 20 mins and 38 secs Commit: 06add28 (master) Author: Tomas Mraz Message: Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) View the changeset: https://github.com/openssl/openssl/compare/3e3dcf9ab8a2...06add280d90d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520683160?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 16 10:32:59 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 16 Apr 2019 10:32:59 +0000 Subject: Still Failing: openssl/openssl#24773 (OpenSSL_1_1_1-stable - 2456ae5) In-Reply-To: Message-ID: <5cb5af5b3cf0a_43fd1a0e102601554af@4676596e-f99b-4089-9880-93f8396daac6.mail> Build Update for openssl/openssl ------------------------------------- Build: #24773 Status: Still Failing Duration: 25 mins and 41 secs Commit: 2456ae5 (OpenSSL_1_1_1-stable) Author: Tomas Mraz Message: Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 06add280d90de9625e9c18985f376ef8d0419a46) View the changeset: https://github.com/openssl/openssl/compare/1ced49fbb742...2456ae5763dc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/520683216?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 16 11:04:25 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Apr 2019 11:04:25 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1555412665.688932.11619.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 3e3dcf9ab8 Call RSA generation callback at the correct time. 72eb100f8a Don't use '-z defs' with Clang's sanitizers f2dbb71cb6 providers/common/digests/sha2.c: forward declare all dispatched functions 0ad50b4dee Providers: for the digest_final operation, pass a output buffer size From no-reply at appveyor.com Tue Apr 16 14:09:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Apr 2019 14:09:59 +0000 Subject: Build failed: openssl master.24183 Message-ID: <20190416140959.1.E9BE56B89DFECCDE@appveyor.com> An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Wed Apr 17 00:00:55 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 17 Apr 2019 00:00:55 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1555459255.646902.13166.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f937540ec40a5e838460b8f19d2eb722529126b8 (commit) from d3299a33e5acdf61502755d807d5885c17c46003 (commit) - Log ----------------------------------------------------------------- commit f937540ec40a5e838460b8f19d2eb722529126b8 Author: Dr. Matthias St. Pierre Date: Tue Apr 9 15:04:29 2019 +0200 Add FIPS support for Android Arm 64-bit Fixes #2490 Fixes #8711 In commit 6db8e3bdc9e, support for Android Arm 64-bit was added to the OpenSSL FIPS Object Module. For some reason, the corresponding target 'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be built with FIPS support on Android Arm 64-bit. This commit adds the missing target. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8713) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 +++++++- Configure | 1 + TABLE | 34 ++++++++++++++++++++++++++++++++++ config | 1 + 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7080ac2..78c7b59 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,13 @@ Changes between 1.0.2r and 1.0.2s [xx XXX xxxx] - *) + *) Add FIPS support for Android Arm 64-bit + + Support for Android Arm 64-bit was added to the OpenSSL FIPS Object Module in + Version 2.0.10. For some reason, the corresponding target 'android64-aarch64' + was missing OpenSSL 1.0.2, whence it could not be built with FIPS support on + Android Arm 64-bit. This omission has been fixed. + [Matthias St. Pierre] Changes between 1.0.2q and 1.0.2r [26 Feb 2019] diff --git a/Configure b/Configure index c7066dc..3846c91 100755 --- a/Configure +++ b/Configure @@ -475,6 +475,7 @@ my %table=( "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/TABLE b/TABLE index 47bdbf8..a8277f7 100644 --- a/TABLE +++ b/TABLE @@ -1190,6 +1190,40 @@ $ranlib = $arflags = $multilib = +*** android64-aarch64 +$cc = gcc +$cflags = -mandroid -fPIC -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -pie%-ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o +$bn_obj = +$ec_obj = +$des_obj = +$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o +$bf_obj = +$md5_obj = +$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = ghashv8-armx.o +$engines_obj = +$perlasm_scheme = linux64 +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + *** aux3-gcc $cc = gcc $cflags = -O2 -DTERMIO diff --git a/config b/config index 6214c4b..c8a3b58 100755 --- a/config +++ b/config @@ -871,6 +871,7 @@ case "$GUESSOS" in *-*-qnx6) OUT="QNX6" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;; armv[7-9]*-*-android) OUT="android-armv7" ;; + aarch64-*-android) OUT="android64-aarch64" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac From openssl at openssl.org Wed Apr 17 01:45:07 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Apr 2019 01:45:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555465507.653557.11686.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 06add280d9 Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case 3d42833d38 Add documentation for the BIO_s_mem pecularities d34bce03ac Add testing of RDONLY memory BIOs c9dc22bc3d Add test for the BIO_get_mem_ptr() regression b238fb7970 Fix for BIO_get_mem_ptr and related regressions Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed Apr 17 05:43:48 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Apr 2019 05:43:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555479828.837035.25013.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 06add280d9 Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case 3d42833d38 Add documentation for the BIO_s_mem pecularities d34bce03ac Add testing of RDONLY memory BIOs c9dc22bc3d Add test for the BIO_get_mem_ptr() regression b238fb7970 Fix for BIO_get_mem_ptr and related regressions Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:40: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From pauli at openssl.org Wed Apr 17 07:52:37 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 17 Apr 2019 07:52:37 +0000 Subject: [openssl] master update Message-ID: <1555487557.993540.12213.nullmailer@dev.openssl.org> The branch master has been updated via ad7e17dd6c8a3931da0fa9a06e80cf498278ef27 (commit) from 06add280d90de9625e9c18985f376ef8d0419a46 (commit) - Log ----------------------------------------------------------------- commit ad7e17dd6c8a3931da0fa9a06e80cf498278ef27 Author: Pauli Date: Wed Apr 17 14:24:26 2019 +1000 SP 800-56B steps enumerated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8770) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_oaep.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 9affabb..0945d4f 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -38,6 +38,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, param, plen, NULL, NULL); } +/* + * Perform ihe padding as per NIST 800-56B 7.2.2.3 + * from (K) is the key material. + * param (A) is the additional input. + * Step numbers are included here but not in the constant time inverse below + * to avoid complicating an already difficult enough function. + */ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, const unsigned char *from, int flen, const unsigned char *param, int plen, @@ -57,6 +64,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, mdlen = EVP_MD_size(md); + /* step 2b: check KLen > nLen - 2 HLen - 2 */ if (flen > emlen - 2 * mdlen - 1) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); @@ -69,15 +77,20 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, return 0; } + /* step 3i: EM = 00000000 || maskedMGF || maskedDB */ to[0] = 0; seed = to + 1; db = to + mdlen + 1; + /* step 3a: hash the additional input */ if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL)) goto err; + /* step 3b: zero bytes array of length nLen - KLen - 2 HLen -2 */ memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1); + /* step 3c: DB = HA || PS || 00000001 || K */ db[emlen - flen - mdlen - 1] = 0x01; memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); + /* step 3d: generate random byte string */ if (RAND_bytes(seed, mdlen) <= 0) goto err; @@ -88,13 +101,17 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, goto err; } + /* step 3e: dbMask = MGF(mgfSeed, nLen - HLen - 1) */ if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0) goto err; + /* step 3f: maskedDB = DB XOR dbMask */ for (i = 0; i < dbmask_len; i++) db[i] ^= dbmask[i]; + /* step 3g: mgfSeed = MGF(maskedDB, HLen) */ if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0) goto err; + /* stepo 3h: maskedMGFSeed = mgfSeed XOR mgfSeedMask */ for (i = 0; i < mdlen; i++) seed[i] ^= seedmask[i]; rv = 1; @@ -270,6 +287,13 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, return constant_time_select_int(good, mlen, -1); } +/* + * Mask Generation Function corresponding to section 7.2.2.2 of NIST SP 800-56B. + * The variables are named differently to NIST: + * mask (T) and len (maskLen)are the returned mask. + * seed (mgfSeed). + * The range checking steps inm the process are performed outside. + */ int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen, const EVP_MD *dgst) { @@ -285,11 +309,14 @@ int PKCS1_MGF1(unsigned char *mask, long len, mdlen = EVP_MD_size(dgst); if (mdlen < 0) goto err; + /* step 4 */ for (i = 0; outlen < len; i++) { + /* step 4a: D = I2BS(counter, 4) */ cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); + /* step 4b: T =T || hash(mgfSeed || D) */ if (!EVP_DigestInit_ex(c, dgst, NULL) || !EVP_DigestUpdate(c, seed, seedlen) || !EVP_DigestUpdate(c, cnt, 4)) From builds at travis-ci.org Wed Apr 17 08:11:49 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 17 Apr 2019 08:11:49 +0000 Subject: Still Failing: openssl/openssl#24791 (master - ad7e17d) In-Reply-To: Message-ID: <5cb6dfc4d5c9b_43fa84d469a44142753@e293daad-d5a7-414c-8d5f-82cbee9c9834.mail> Build Update for openssl/openssl ------------------------------------- Build: #24791 Status: Still Failing Duration: 18 mins and 24 secs Commit: ad7e17d (master) Author: Pauli Message: SP 800-56B steps enumerated. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8770) View the changeset: https://github.com/openssl/openssl/compare/06add280d90d...ad7e17dd6c8a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/521129549?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 17 10:48:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Apr 2019 10:48:07 +0000 Subject: Build failed: openssl master.24198 Message-ID: <20190417104807.1.030AB42C6112D4FD@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 17 15:54:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 17 Apr 2019 15:54:00 +0000 Subject: Build completed: openssl master.24199 Message-ID: <20190417155400.1.3FE42BFD5D270958@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 18 01:43:00 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Apr 2019 01:43:00 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555551780.520913.16740.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: ad7e17dd6c SP 800-56B steps enumerated. Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu Apr 18 05:44:15 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Apr 2019 05:44:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555566255.974309.29234.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: ad7e17dd6c SP 800-56B steps enumerated. Build log ended with (last 100 lines): crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:40: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:106: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: more undefined references to `__afl_prev_loc' follow test/p_test-dso-p_test.o: In function `p_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Thu Apr 18 09:22:56 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 18 Apr 2019 09:22:56 +0000 Subject: [openssl] master update Message-ID: <1555579376.804375.31204.nullmailer@dev.openssl.org> The branch master has been updated via 86a7ac5e76fd3df9a5c3422153ae5a3e4f99b3a8 (commit) via d6e4287c9726691e800bff221be71edd894a3c6a (commit) via 6465321e40cad2434501f0e8382e31a50a4f2e0b (commit) from ad7e17dd6c8a3931da0fa9a06e80cf498278ef27 (commit) - Log ----------------------------------------------------------------- commit 86a7ac5e76fd3df9a5c3422153ae5a3e4f99b3a8 Author: Andy Polyakov Date: Wed Apr 17 21:31:01 2019 +0200 chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1. The change is triggered by ThunderX2 where 3+1 was slower than scalar code path, but it helps all processors [to handle <512 inputs]. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8776) commit d6e4287c9726691e800bff221be71edd894a3c6a Author: Andy Polyakov Date: Wed Apr 17 21:30:39 2019 +0200 aes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8776) commit 6465321e40cad2434501f0e8382e31a50a4f2e0b Author: Andy Polyakov Date: Wed Apr 17 21:08:13 2019 +0200 ARM64 assembly pack: add ThunderX2 results. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8776) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesv8-armx.pl | 394 +++++++++++++++++++++++- crypto/aes/asm/vpaes-armv8.pl | 1 + crypto/chacha/asm/chacha-armv8.pl | 553 ++++++++++++++++++++++------------ crypto/modes/asm/ghashv8-armx.pl | 1 + crypto/poly1305/asm/poly1305-armv8.pl | 1 + crypto/sha/asm/keccak1600-armv8.pl | 1 + crypto/sha/asm/sha1-armv8.pl | 1 + crypto/sha/asm/sha512-armv8.pl | 1 + 8 files changed, 748 insertions(+), 205 deletions(-) diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 81bc1cb..3b3a53b 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -27,18 +27,34 @@ # CBC encrypt case. On Cortex-A57 parallelizable mode performance # seems to be limited by sheer amount of NEON instructions... # +# April 2019 +# +# Key to performance of parallelize-able modes is round instruction +# interleaving. But which factor to use? There is optimal one for +# each combination of instruction latency and issue rate, beyond +# which increasing interleave factor doesn't pay off. While on cons +# side we have code size increase and resource waste on platforms for +# which interleave factor is too high. In other words you want it to +# be just right. So far interleave factor of 3x was serving well all +# platforms. But for ThunderX2 optimal interleave factor was measured +# to be 5x... +# # Performance in cycles per byte processed with 128-bit key: # # CBC enc CBC dec CTR # Apple A7 2.39 1.20 1.20 -# Cortex-A53 1.32 1.29 1.46 -# Cortex-A57(*) 1.95 0.85 0.93 -# Denver 1.96 0.86 0.80 -# Mongoose 1.33 1.20 1.20 -# Kryo 1.26 0.94 1.00 +# Cortex-A53 1.32 1.17/1.29(**) 1.36/1.46 +# Cortex-A57(*) 1.95 0.82/0.85 0.89/0.93 +# Cortex-A72 1.33 0.85/0.88 0.92/0.96 +# Denver 1.96 0.65/0.86 0.76/0.80 +# Mongoose 1.33 1.23/1.20 1.30/1.20 +# Kryo 1.26 0.87/0.94 1.00/1.00 +# ThunderX2 5.95 1.25 1.30 # # (*) original 3.64/1.34/1.32 results were for r0p0 revision # and are still same even for updated module; +# (**) numbers after slash are for 32-bit code, which is 3x- +# interleaved; $flavour = shift; $output = shift; @@ -523,6 +539,13 @@ $code.=<<___; ___ { my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); + +my ($dat3,$in3,$tmp3); # used only in 64-bit mode +my ($dat4,$in4,$tmp4); +if ($flavour =~ /64/) { + ($dat2,$dat3,$dat4,$in2,$in3,$in4,$tmp3,$tmp4)=map("q$_",(16..23)); +} + $code.=<<___; .align 5 .Lcbc_dec: @@ -539,7 +562,196 @@ $code.=<<___; vorr $in0,$dat,$dat vorr $in1,$dat1,$dat1 vorr $in2,$dat2,$dat2 +___ +$code.=<<___ if ($flavour =~ /64/); + cmp $len,#32 + b.lo .Loop3x_cbc_dec + + vld1.8 {$dat3},[$inp],#16 + vld1.8 {$dat4},[$inp],#16 + sub $len,$len,#32 // bias + mov $cnt,$rounds + vorr $in3,$dat3,$dat3 + vorr $in4,$dat4,$dat4 + +.Loop5x_cbc_dec: + aesd $dat0,q8 + aesimc $dat0,$dat0 + aesd $dat1,q8 + aesimc $dat1,$dat1 + aesd $dat2,q8 + aesimc $dat2,$dat2 + aesd $dat3,q8 + aesimc $dat3,$dat3 + aesd $dat4,q8 + aesimc $dat4,$dat4 + vld1.32 {q8},[$key_],#16 + subs $cnt,$cnt,#2 + aesd $dat0,q9 + aesimc $dat0,$dat0 + aesd $dat1,q9 + aesimc $dat1,$dat1 + aesd $dat2,q9 + aesimc $dat2,$dat2 + aesd $dat3,q9 + aesimc $dat3,$dat3 + aesd $dat4,q9 + aesimc $dat4,$dat4 + vld1.32 {q9},[$key_],#16 + b.gt .Loop5x_cbc_dec + + aesd $dat0,q8 + aesimc $dat0,$dat0 + aesd $dat1,q8 + aesimc $dat1,$dat1 + aesd $dat2,q8 + aesimc $dat2,$dat2 + aesd $dat3,q8 + aesimc $dat3,$dat3 + aesd $dat4,q8 + aesimc $dat4,$dat4 + cmp $len,#0x40 // because .Lcbc_tail4x + sub $len,$len,#0x50 + + aesd $dat0,q9 + aesimc $dat0,$dat0 + aesd $dat1,q9 + aesimc $dat1,$dat1 + aesd $dat2,q9 + aesimc $dat2,$dat2 + aesd $dat3,q9 + aesimc $dat3,$dat3 + aesd $dat4,q9 + aesimc $dat4,$dat4 + csel x6,xzr,$len,gt // borrow x6, $cnt, "gt" is not typo + mov $key_,$key + + aesd $dat0,q10 + aesimc $dat0,$dat0 + aesd $dat1,q10 + aesimc $dat1,$dat1 + aesd $dat2,q10 + aesimc $dat2,$dat2 + aesd $dat3,q10 + aesimc $dat3,$dat3 + aesd $dat4,q10 + aesimc $dat4,$dat4 + add $inp,$inp,x6 // $inp is adjusted in such way that + // at exit from the loop $dat1-$dat4 + // are loaded with last "words" + add x6,$len,#0x60 // because .Lcbc_tail4x + + aesd $dat0,q11 + aesimc $dat0,$dat0 + aesd $dat1,q11 + aesimc $dat1,$dat1 + aesd $dat2,q11 + aesimc $dat2,$dat2 + aesd $dat3,q11 + aesimc $dat3,$dat3 + aesd $dat4,q11 + aesimc $dat4,$dat4 + aesd $dat0,q12 + aesimc $dat0,$dat0 + aesd $dat1,q12 + aesimc $dat1,$dat1 + aesd $dat2,q12 + aesimc $dat2,$dat2 + aesd $dat3,q12 + aesimc $dat3,$dat3 + aesd $dat4,q12 + aesimc $dat4,$dat4 + + aesd $dat0,q13 + aesimc $dat0,$dat0 + aesd $dat1,q13 + aesimc $dat1,$dat1 + aesd $dat2,q13 + aesimc $dat2,$dat2 + aesd $dat3,q13 + aesimc $dat3,$dat3 + aesd $dat4,q13 + aesimc $dat4,$dat4 + + aesd $dat0,q14 + aesimc $dat0,$dat0 + aesd $dat1,q14 + aesimc $dat1,$dat1 + aesd $dat2,q14 + aesimc $dat2,$dat2 + aesd $dat3,q14 + aesimc $dat3,$dat3 + aesd $dat4,q14 + aesimc $dat4,$dat4 + + veor $tmp0,$ivec,$rndlast + aesd $dat0,q15 + veor $tmp1,$in0,$rndlast + vld1.8 {$in0},[$inp],#16 + aesd $dat1,q15 + veor $tmp2,$in1,$rndlast + vld1.8 {$in1},[$inp],#16 + aesd $dat2,q15 + veor $tmp3,$in2,$rndlast + vld1.8 {$in2},[$inp],#16 + aesd $dat3,q15 + veor $tmp4,$in3,$rndlast + vld1.8 {$in3},[$inp],#16 + aesd $dat4,q15 + vorr $ivec,$in4,$in4 + vld1.8 {$in4},[$inp],#16 + cbz x6,.Lcbc_tail4x + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + veor $tmp0,$tmp0,$dat0 + vorr $dat0,$in0,$in0 + veor $tmp1,$tmp1,$dat1 + vorr $dat1,$in1,$in1 + veor $tmp2,$tmp2,$dat2 + vorr $dat2,$in2,$in2 + veor $tmp3,$tmp3,$dat3 + vorr $dat3,$in3,$in3 + veor $tmp4,$tmp4,$dat4 + vst1.8 {$tmp0},[$out],#16 + vorr $dat4,$in4,$in4 + vst1.8 {$tmp1},[$out],#16 + mov $cnt,$rounds + vst1.8 {$tmp2},[$out],#16 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vst1.8 {$tmp3},[$out],#16 + vst1.8 {$tmp4},[$out],#16 + b.hs .Loop5x_cbc_dec + + add $len,$len,#0x50 + cbz $len,.Lcbc_done + + add $cnt,$rounds,#2 + subs $len,$len,#0x30 + vorr $dat0,$in2,$in2 + vorr $in0,$in2,$in2 + vorr $dat1,$in3,$in3 + vorr $in1,$in3,$in3 + vorr $dat2,$in4,$in4 + vorr $in2,$in4,$in4 + b.lo .Lcbc_dec_tail + + b .Loop3x_cbc_dec + +.align 4 +.Lcbc_tail4x: + veor $tmp1,$tmp0,$dat1 + veor $tmp2,$tmp2,$dat2 + veor $tmp3,$tmp3,$dat3 + veor $tmp4,$tmp4,$dat4 + vst1.8 {$tmp1},[$out],#16 + vst1.8 {$tmp2},[$out],#16 + vst1.8 {$tmp3},[$out],#16 + vst1.8 {$tmp4},[$out],#16 + + b .Lcbc_done +.align 4 +___ +$code.=<<___; .Loop3x_cbc_dec: aesd $dat0,q8 aesimc $dat0,$dat0 @@ -700,6 +912,9 @@ my $step="x12"; # aliases with $tctr2 my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); +# used only in 64-bit mode... +my ($dat3,$dat4,$in3,$in4)=map("q$_",(16..23)); + my ($dat,$tmp)=($dat0,$tmp0); ### q8-q15 preloaded key schedule @@ -752,6 +967,175 @@ $code.=<<___; rev $tctr2, $ctr sub $len,$len,#3 // bias vmov.32 ${dat2}[3],$tctr2 +___ +$code.=<<___ if ($flavour =~ /64/); + cmp $len,#2 + b.lo .Loop3x_ctr32 + + add w13,$ctr,#1 + add w14,$ctr,#2 + vorr $dat3,$dat0,$dat0 + rev w13,w13 + vorr $dat4,$dat0,$dat0 + rev w14,w14 + vmov.32 ${dat3}[3],w13 + sub $len,$len,#2 // bias + vmov.32 ${dat4}[3],w14 + add $ctr,$ctr,#2 + b .Loop5x_ctr32 + +.align 4 +.Loop5x_ctr32: + aese $dat0,q8 + aesmc $dat0,$dat0 + aese $dat1,q8 + aesmc $dat1,$dat1 + aese $dat2,q8 + aesmc $dat2,$dat2 + aese $dat3,q8 + aesmc $dat3,$dat3 + aese $dat4,q8 + aesmc $dat4,$dat4 + vld1.32 {q8},[$key_],#16 + subs $cnt,$cnt,#2 + aese $dat0,q9 + aesmc $dat0,$dat0 + aese $dat1,q9 + aesmc $dat1,$dat1 + aese $dat2,q9 + aesmc $dat2,$dat2 + aese $dat3,q9 + aesmc $dat3,$dat3 + aese $dat4,q9 + aesmc $dat4,$dat4 + vld1.32 {q9},[$key_],#16 + b.gt .Loop5x_ctr32 + + mov $key_,$key + aese $dat0,q8 + aesmc $dat0,$dat0 + aese $dat1,q8 + aesmc $dat1,$dat1 + aese $dat2,q8 + aesmc $dat2,$dat2 + aese $dat3,q8 + aesmc $dat3,$dat3 + aese $dat4,q8 + aesmc $dat4,$dat4 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + + aese $dat0,q9 + aesmc $dat0,$dat0 + aese $dat1,q9 + aesmc $dat1,$dat1 + aese $dat2,q9 + aesmc $dat2,$dat2 + aese $dat3,q9 + aesmc $dat3,$dat3 + aese $dat4,q9 + aesmc $dat4,$dat4 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + + aese $dat0,q12 + aesmc $dat0,$dat0 + add $tctr0,$ctr,#1 + add $tctr1,$ctr,#2 + aese $dat1,q12 + aesmc $dat1,$dat1 + add $tctr2,$ctr,#3 + add w13,$ctr,#4 + aese $dat2,q12 + aesmc $dat2,$dat2 + add w14,$ctr,#5 + rev $tctr0,$tctr0 + aese $dat3,q12 + aesmc $dat3,$dat3 + rev $tctr1,$tctr1 + rev $tctr2,$tctr2 + aese $dat4,q12 + aesmc $dat4,$dat4 + rev w13,w13 + rev w14,w14 + + aese $dat0,q13 + aesmc $dat0,$dat0 + aese $dat1,q13 + aesmc $dat1,$dat1 + aese $dat2,q13 + aesmc $dat2,$dat2 + aese $dat3,q13 + aesmc $dat3,$dat3 + aese $dat4,q13 + aesmc $dat4,$dat4 + + aese $dat0,q14 + aesmc $dat0,$dat0 + vld1.8 {$in0},[$inp],#16 + aese $dat1,q14 + aesmc $dat1,$dat1 + vld1.8 {$in1},[$inp],#16 + aese $dat2,q14 + aesmc $dat2,$dat2 + vld1.8 {$in2},[$inp],#16 + aese $dat3,q14 + aesmc $dat3,$dat3 + vld1.8 {$in3},[$inp],#16 + aese $dat4,q14 + aesmc $dat4,$dat4 + vld1.8 {$in4},[$inp],#16 + + aese $dat0,q15 + veor $in0,$in0,$rndlast + aese $dat1,q15 + veor $in1,$in1,$rndlast + aese $dat2,q15 + veor $in2,$in2,$rndlast + aese $dat3,q15 + veor $in3,$in3,$rndlast + aese $dat4,q15 + veor $in4,$in4,$rndlast + + veor $in0,$in0,$dat0 + vorr $dat0,$ivec,$ivec + veor $in1,$in1,$dat1 + vorr $dat1,$ivec,$ivec + veor $in2,$in2,$dat2 + vorr $dat2,$ivec,$ivec + veor $in3,$in3,$dat3 + vorr $dat3,$ivec,$ivec + veor $in4,$in4,$dat4 + vorr $dat4,$ivec,$ivec + + vst1.8 {$in0},[$out],#16 + vmov.32 ${dat0}[3],$tctr0 + vst1.8 {$in1},[$out],#16 + vmov.32 ${dat1}[3],$tctr1 + vst1.8 {$in2},[$out],#16 + vmov.32 ${dat2}[3],$tctr2 + vst1.8 {$in3},[$out],#16 + vmov.32 ${dat3}[3],w13 + vst1.8 {$in4},[$out],#16 + vmov.32 ${dat4}[3],w14 + + mov $cnt,$rounds + cbz $len,.Lctr32_done + + add $ctr,$ctr,#5 + subs $len,$len,#5 + b.hs .Loop5x_ctr32 + + add $len,$len,#5 + sub $ctr,$ctr,#5 + + cmp $len,#2 + mov $step,#16 + cclr $step,lo + b.ls .Lctr32_tail + + sub $len,$len,#3 // bias + add $ctr,$ctr,#3 +___ +$code.=<<___; b .Loop3x_ctr32 .align 4 diff --git a/crypto/aes/asm/vpaes-armv8.pl b/crypto/aes/asm/vpaes-armv8.pl index f08ae58..c7839b3 100755 --- a/crypto/aes/asm/vpaes-armv8.pl +++ b/crypto/aes/asm/vpaes-armv8.pl @@ -30,6 +30,7 @@ # Denver(***) 16.6(**) 15.1/17.8(**) [8.80/9.93 ] # Apple A7(***) 22.7(**) 10.9/14.3 [8.45/10.0 ] # Mongoose(***) 26.3(**) 21.0/25.0(**) [13.3/16.8 ] +# ThunderX2(***) 39.4(**) 33.8/48.6(**) # # (*) ECB denotes approximate result for parallelizable modes # such as CBC decrypt, CTR, etc.; diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index 56ba1c3..1f51017 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -18,22 +18,31 @@ # # ChaCha20 for ARMv8. # +# April 2019 +# +# Replace 3xNEON+1xIALU code path with 4+1. 4+1 is actually fastest +# option on most(*), but not all, processors, yet 6+2 is retained. +# This is because penalties are considered tolerable in comparison to +# improvement on processors where 6+2 helps. Most notably +37% on +# ThunderX2. It's server-oriented processor which will have to serve +# as many requests as possible. While others are mostly clients, when +# performance doesn't have to be absolute top-notch, just fast enough, +# as majority of time is spent "entertaining" relatively slow human. +# # Performance in cycles per byte out of large buffer. # -# IALU/gcc-4.9 3xNEON+1xIALU 6xNEON+2xIALU +# IALU/gcc-4.9 4xNEON+1xIALU 6xNEON+2xIALU # -# Apple A7 5.50/+49% 3.33 1.70 -# Cortex-A53 8.40/+80% 4.72 4.72(*) -# Cortex-A57 8.06/+43% 4.90 4.43(**) -# Denver 4.50/+82% 2.63 2.67(*) -# X-Gene 9.50/+46% 8.82 8.89(*) -# Mongoose 8.00/+44% 3.64 3.25 -# Kryo 8.17/+50% 4.83 4.65 +# Apple A7 5.50/+49% 2.72 1.60 +# Cortex-A53 8.40/+80% 4.06 4.45(*) +# Cortex-A57 8.06/+43% 4.15 4.40(*) +# Denver 4.50/+82% 2.30 2.70(*) +# X-Gene 9.50/+46% 8.20 8.90(*) +# Mongoose 8.00/+44% 2.74 3.12(*) +# Kryo 8.17/+50% 4.47 4.65(*) +# ThunderX2 7.22/+48% 5.64 4.10 # -# (*) it's expected that doubling interleave factor doesn't help -# all processors, only those with higher NEON latency and -# higher instruction issue rate; -# (**) expected improvement was actually higher; +# (*) slower than 4+1:-( $flavour=shift; $output=shift; @@ -120,18 +129,21 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); } $code.=<<___; -#include "arm_arch.h" +#ifndef __KERNEL__ +# include "arm_arch.h" +.extern OPENSSL_armcap_P +#endif .text -.extern OPENSSL_armcap_P - .align 5 .Lsigma: .quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral .Lone: -.long 1,0,0,0 -.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by " +.long 1,2,3,4 +.Lrot24: +.long 0x02010003,0x06050407,0x0a09080b,0x0e0d0c0f +.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by \@dot-asm" .globl ChaCha20_ctr32 .type ChaCha20_ctr32,%function @@ -141,10 +153,12 @@ ChaCha20_ctr32: cmp $len,#192 b.lo .Lshort +#ifndef __KERNEL__ adrp x17,OPENSSL_armcap_P ldr w17,[x17,#:lo12:OPENSSL_armcap_P] tst w17,#ARMV7_NEON b.ne .LChaCha20_neon +#endif .Lshort: .inst 0xd503233f // paciasp @@ -163,7 +177,7 @@ ChaCha20_ctr32: ldp @d[2], at d[3],[$key] // load key ldp @d[4], at d[5],[$key,#16] ldp @d[6], at d[7],[$ctr] // load counter -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror @d[2], at d[2],#32 ror @d[3], at d[3],#32 ror @d[4], at d[4],#32 @@ -232,7 +246,7 @@ $code.=<<___; add @x[14], at x[14], at x[15],lsl#32 ldp @x[13], at x[15],[$inp,#48] add $inp,$inp,#64 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -289,7 +303,7 @@ $code.=<<___; add @x[10], at x[10], at x[11],lsl#32 add @x[12], at x[12], at x[13],lsl#32 add @x[14], at x[14], at x[15],lsl#32 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -330,43 +344,87 @@ $code.=<<___; ___ {{{ -my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2,$T3) = - map("v$_.4s",(0..7,16..23)); -my (@K)=map("v$_.4s",(24..30)); -my $ONE="v31.4s"; +my @K = map("v$_.4s",(0..3)); +my ($xt0,$xt1,$xt2,$xt3, $CTR,$ROT24) = map("v$_.4s",(4..9)); +my @X = map("v$_.4s",(16,20,24,28, 17,21,25,29, 18,22,26,30, 19,23,27,31)); +my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = @X; -sub NEONROUND { -my $odd = pop; -my ($a,$b,$c,$d,$t)=@_; +sub NEON_lane_ROUND { +my ($a0,$b0,$c0,$d0)=@_; +my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); +my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); +my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); +my @x=map("'$_'", at X); ( - "&add ('$a','$a','$b')", - "&eor ('$d','$d','$a')", - "&rev32_16 ('$d','$d')", # vrot ($d,16) - - "&add ('$c','$c','$d')", - "&eor ('$t','$b','$c')", - "&ushr ('$b','$t',20)", - "&sli ('$b','$t',12)", - - "&add ('$a','$a','$b')", - "&eor ('$t','$d','$a')", - "&ushr ('$d','$t',24)", - "&sli ('$d','$t',8)", - - "&add ('$c','$c','$d')", - "&eor ('$t','$b','$c')", - "&ushr ('$b','$t',25)", - "&sli ('$b','$t',7)", - - "&ext ('$c','$c','$c',8)", - "&ext ('$d','$d','$d',$odd?4:12)", - "&ext ('$b','$b','$b',$odd?12:4)" + "&add (@x[$a0], at x[$a0], at x[$b0])", # Q1 + "&add (@x[$a1], at x[$a1], at x[$b1])", # Q2 + "&add (@x[$a2], at x[$a2], at x[$b2])", # Q3 + "&add (@x[$a3], at x[$a3], at x[$b3])", # Q4 + "&eor (@x[$d0], at x[$d0], at x[$a0])", + "&eor (@x[$d1], at x[$d1], at x[$a1])", + "&eor (@x[$d2], at x[$d2], at x[$a2])", + "&eor (@x[$d3], at x[$d3], at x[$a3])", + "&rev32_16 (@x[$d0], at x[$d0])", + "&rev32_16 (@x[$d1], at x[$d1])", + "&rev32_16 (@x[$d2], at x[$d2])", + "&rev32_16 (@x[$d3], at x[$d3])", + + "&add (@x[$c0], at x[$c0], at x[$d0])", + "&add (@x[$c1], at x[$c1], at x[$d1])", + "&add (@x[$c2], at x[$c2], at x[$d2])", + "&add (@x[$c3], at x[$c3], at x[$d3])", + "&eor ('$xt0', at x[$b0], at x[$c0])", + "&eor ('$xt1', at x[$b1], at x[$c1])", + "&eor ('$xt2', at x[$b2], at x[$c2])", + "&eor ('$xt3', at x[$b3], at x[$c3])", + "&ushr (@x[$b0],'$xt0',20)", + "&ushr (@x[$b1],'$xt1',20)", + "&ushr (@x[$b2],'$xt2',20)", + "&ushr (@x[$b3],'$xt3',20)", + "&sli (@x[$b0],'$xt0',12)", + "&sli (@x[$b1],'$xt1',12)", + "&sli (@x[$b2],'$xt2',12)", + "&sli (@x[$b3],'$xt3',12)", + + "&add (@x[$a0], at x[$a0], at x[$b0])", + "&add (@x[$a1], at x[$a1], at x[$b1])", + "&add (@x[$a2], at x[$a2], at x[$b2])", + "&add (@x[$a3], at x[$a3], at x[$b3])", + "&eor ('$xt0', at x[$d0], at x[$a0])", + "&eor ('$xt1', at x[$d1], at x[$a1])", + "&eor ('$xt2', at x[$d2], at x[$a2])", + "&eor ('$xt3', at x[$d3], at x[$a3])", + "&tbl (@x[$d0],'{$xt0}','$ROT24')", + "&tbl (@x[$d1],'{$xt1}','$ROT24')", + "&tbl (@x[$d2],'{$xt2}','$ROT24')", + "&tbl (@x[$d3],'{$xt3}','$ROT24')", + + "&add (@x[$c0], at x[$c0], at x[$d0])", + "&add (@x[$c1], at x[$c1], at x[$d1])", + "&add (@x[$c2], at x[$c2], at x[$d2])", + "&add (@x[$c3], at x[$c3], at x[$d3])", + "&eor ('$xt0', at x[$b0], at x[$c0])", + "&eor ('$xt1', at x[$b1], at x[$c1])", + "&eor ('$xt2', at x[$b2], at x[$c2])", + "&eor ('$xt3', at x[$b3], at x[$c3])", + "&ushr (@x[$b0],'$xt0',25)", + "&ushr (@x[$b1],'$xt1',25)", + "&ushr (@x[$b2],'$xt2',25)", + "&ushr (@x[$b3],'$xt3',25)", + "&sli (@x[$b0],'$xt0',7)", + "&sli (@x[$b1],'$xt1',7)", + "&sli (@x[$b2],'$xt2',7)", + "&sli (@x[$b3],'$xt3',7)" ); } $code.=<<___; +#ifdef __KERNEL__ +.globl ChaCha20_neon +#endif .type ChaCha20_neon,%function .align 5 ChaCha20_neon: @@ -393,8 +451,9 @@ ChaCha20_neon: ld1 {@K[1], at K[2]},[$key] ldp @d[6], at d[7],[$ctr] // load counter ld1 {@K[3]},[$ctr] - ld1 {$ONE},[@x[0]] -#ifdef __ARMEB__ + stp d8,d9,[sp] // meet ABI requirements + ld1 {$CTR,$ROT24},[@x[0]] +#ifdef __AARCH64EB__ rev64 @K[0], at K[0] ror @d[2], at d[2],#32 ror @d[3], at d[3],#32 @@ -403,115 +462,129 @@ ChaCha20_neon: ror @d[6], at d[6],#32 ror @d[7], at d[7],#32 #endif - add @K[3], at K[3],$ONE // += 1 - add @K[4], at K[3],$ONE - add @K[5], at K[4],$ONE - shl $ONE,$ONE,#2 // 1 -> 4 .Loop_outer_neon: - mov.32 @x[0], at d[0] // unpack key block - lsr @x[1], at d[0],#32 - mov $A0, at K[0] - mov.32 @x[2], at d[1] - lsr @x[3], at d[1],#32 - mov $A1, at K[0] - mov.32 @x[4], at d[2] - lsr @x[5], at d[2],#32 - mov $A2, at K[0] - mov.32 @x[6], at d[3] - mov $B0, at K[1] - lsr @x[7], at d[3],#32 - mov $B1, at K[1] - mov.32 @x[8], at d[4] - mov $B2, at K[1] - lsr @x[9], at d[4],#32 - mov $D0, at K[3] - mov.32 @x[10], at d[5] - mov $D1, at K[4] - lsr @x[11], at d[5],#32 - mov $D2, at K[5] - mov.32 @x[12], at d[6] - mov $C0, at K[2] - lsr @x[13], at d[6],#32 - mov $C1, at K[2] - mov.32 @x[14], at d[7] - mov $C2, at K[2] - lsr @x[15], at d[7],#32 + dup $xa0,@{K[0]}[0] // unpack key block + mov.32 @x[0], at d[0] + dup $xa1,@{K[0]}[1] + lsr @x[1], at d[0],#32 + dup $xa2,@{K[0]}[2] + mov.32 @x[2], at d[1] + dup $xa3,@{K[0]}[3] + lsr @x[3], at d[1],#32 + dup $xb0,@{K[1]}[0] + mov.32 @x[4], at d[2] + dup $xb1,@{K[1]}[1] + lsr @x[5], at d[2],#32 + dup $xb2,@{K[1]}[2] + mov.32 @x[6], at d[3] + dup $xb3,@{K[1]}[3] + lsr @x[7], at d[3],#32 + dup $xd0,@{K[3]}[0] + mov.32 @x[8], at d[4] + dup $xd1,@{K[3]}[1] + lsr @x[9], at d[4],#32 + dup $xd2,@{K[3]}[2] + mov.32 @x[10], at d[5] + dup $xd3,@{K[3]}[3] + lsr @x[11], at d[5],#32 + add $xd0,$xd0,$CTR + mov.32 @x[12], at d[6] + dup $xc0,@{K[2]}[0] + lsr @x[13], at d[6],#32 + dup $xc1,@{K[2]}[1] + mov.32 @x[14], at d[7] + dup $xc2,@{K[2]}[2] + lsr @x[15], at d[7],#32 + dup $xc3,@{K[2]}[3] mov $ctr,#10 - subs $len,$len,#256 + subs $len,$len,#320 .Loop_neon: sub $ctr,$ctr,#1 ___ - my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0); - my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0); - my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0); - my @thread3=&ROUND(0,4,8,12); - - foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); - } + my @plus_one=&ROUND(0,4,8,12); + foreach (&NEON_lane_ROUND(0,4,8,12)) { eval; eval(shift(@plus_one)); } - @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1); - @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1); - @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1); - @thread3=&ROUND(0,5,10,15); - - foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); - } + @plus_one=&ROUND(0,5,10,15); + foreach (&NEON_lane_ROUND(0,5,10,15)) { eval; eval(shift(@plus_one)); } $code.=<<___; cbnz $ctr,.Loop_neon - add.32 @x[0], at x[0], at d[0] // accumulate key block - add $A0,$A0, at K[0] - add @x[1], at x[1], at d[0],lsr#32 - add $A1,$A1, at K[0] - add.32 @x[2], at x[2], at d[1] - add $A2,$A2, at K[0] - add @x[3], at x[3], at d[1],lsr#32 - add $C0,$C0, at K[2] - add.32 @x[4], at x[4], at d[2] - add $C1,$C1, at K[2] - add @x[5], at x[5], at d[2],lsr#32 - add $C2,$C2, at K[2] - add.32 @x[6], at x[6], at d[3] - add $D0,$D0, at K[3] - add @x[7], at x[7], at d[3],lsr#32 - add.32 @x[8], at x[8], at d[4] - add $D1,$D1, at K[4] - add @x[9], at x[9], at d[4],lsr#32 - add.32 @x[10], at x[10], at d[5] - add $D2,$D2, at K[5] - add @x[11], at x[11], at d[5],lsr#32 - add.32 @x[12], at x[12], at d[6] - add $B0,$B0, at K[1] - add @x[13], at x[13], at d[6],lsr#32 - add.32 @x[14], at x[14], at d[7] - add $B1,$B1, at K[1] - add @x[15], at x[15], at d[7],lsr#32 - add $B2,$B2, at K[1] + add $xd0,$xd0,$CTR + + zip1 $xt0,$xa0,$xa1 // transpose data + zip1 $xt1,$xa2,$xa3 + zip2 $xt2,$xa0,$xa1 + zip2 $xt3,$xa2,$xa3 + zip1.64 $xa0,$xt0,$xt1 + zip2.64 $xa1,$xt0,$xt1 + zip1.64 $xa2,$xt2,$xt3 + zip2.64 $xa3,$xt2,$xt3 + + zip1 $xt0,$xb0,$xb1 + zip1 $xt1,$xb2,$xb3 + zip2 $xt2,$xb0,$xb1 + zip2 $xt3,$xb2,$xb3 + zip1.64 $xb0,$xt0,$xt1 + zip2.64 $xb1,$xt0,$xt1 + zip1.64 $xb2,$xt2,$xt3 + zip2.64 $xb3,$xt2,$xt3 + + zip1 $xt0,$xc0,$xc1 + add.32 @x[0], at x[0], at d[0] // accumulate key block + zip1 $xt1,$xc2,$xc3 + add @x[1], at x[1], at d[0],lsr#32 + zip2 $xt2,$xc0,$xc1 + add.32 @x[2], at x[2], at d[1] + zip2 $xt3,$xc2,$xc3 + add @x[3], at x[3], at d[1],lsr#32 + zip1.64 $xc0,$xt0,$xt1 + add.32 @x[4], at x[4], at d[2] + zip2.64 $xc1,$xt0,$xt1 + add @x[5], at x[5], at d[2],lsr#32 + zip1.64 $xc2,$xt2,$xt3 + add.32 @x[6], at x[6], at d[3] + zip2.64 $xc3,$xt2,$xt3 + add @x[7], at x[7], at d[3],lsr#32 + + zip1 $xt0,$xd0,$xd1 + add.32 @x[8], at x[8], at d[4] + zip1 $xt1,$xd2,$xd3 + add @x[9], at x[9], at d[4],lsr#32 + zip2 $xt2,$xd0,$xd1 + add.32 @x[10], at x[10], at d[5] + zip2 $xt3,$xd2,$xd3 + add @x[11], at x[11], at d[5],lsr#32 + zip1.64 $xd0,$xt0,$xt1 + add.32 @x[12], at x[12], at d[6] + zip2.64 $xd1,$xt0,$xt1 + add @x[13], at x[13], at d[6],lsr#32 + zip1.64 $xd2,$xt2,$xt3 + add.32 @x[14], at x[14], at d[7] + zip2.64 $xd3,$xt2,$xt3 + add @x[15], at x[15], at d[7],lsr#32 b.lo .Ltail_neon add @x[0], at x[0], at x[1],lsl#32 // pack add @x[2], at x[2], at x[3],lsl#32 ldp @x[1], at x[3],[$inp,#0] // load input + add $xa0,$xa0, at K[0] // accumulate key block add @x[4], at x[4], at x[5],lsl#32 add @x[6], at x[6], at x[7],lsl#32 ldp @x[5], at x[7],[$inp,#16] + add $xb0,$xb0, at K[1] add @x[8], at x[8], at x[9],lsl#32 add @x[10], at x[10], at x[11],lsl#32 ldp @x[9], at x[11],[$inp,#32] + add $xc0,$xc0, at K[2] add @x[12], at x[12], at x[13],lsl#32 add @x[14], at x[14], at x[15],lsl#32 ldp @x[13], at x[15],[$inp,#48] + add $xd0,$xd0, at K[3] add $inp,$inp,#64 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -521,48 +594,68 @@ $code.=<<___; rev @x[12], at x[12] rev @x[14], at x[14] #endif - ld1.8 {$T0-$T3},[$inp],#64 + ld1.8 {$xt0-$xt3},[$inp],#64 eor @x[0], at x[0], at x[1] + add $xa1,$xa1, at K[0] eor @x[2], at x[2], at x[3] + add $xb1,$xb1, at K[1] eor @x[4], at x[4], at x[5] + add $xc1,$xc1, at K[2] eor @x[6], at x[6], at x[7] + add $xd1,$xd1, at K[3] eor @x[8], at x[8], at x[9] - eor $A0,$A0,$T0 + eor $xa0,$xa0,$xt0 + movi $xt0,#5 eor @x[10], at x[10], at x[11] - eor $B0,$B0,$T1 + eor $xb0,$xb0,$xt1 eor @x[12], at x[12], at x[13] - eor $C0,$C0,$T2 + eor $xc0,$xc0,$xt2 eor @x[14], at x[14], at x[15] - eor $D0,$D0,$T3 - ld1.8 {$T0-$T3},[$inp],#64 + eor $xd0,$xd0,$xt3 + add $CTR,$CTR,$xt0 // += 5 + ld1.8 {$xt0-$xt3},[$inp],#64 stp @x[0], at x[2],[$out,#0] // store output - add @d[6], at d[6],#4 // increment counter + add @d[6], at d[6],#5 // increment counter stp @x[4], at x[6],[$out,#16] - add @K[3], at K[3],$ONE // += 4 stp @x[8], at x[10],[$out,#32] - add @K[4], at K[4],$ONE stp @x[12], at x[14],[$out,#48] - add @K[5], at K[5],$ONE add $out,$out,#64 - st1.8 {$A0-$D0},[$out],#64 - ld1.8 {$A0-$D0},[$inp],#64 - - eor $A1,$A1,$T0 - eor $B1,$B1,$T1 - eor $C1,$C1,$T2 - eor $D1,$D1,$T3 - st1.8 {$A1-$D1},[$out],#64 - - eor $A2,$A2,$A0 - eor $B2,$B2,$B0 - eor $C2,$C2,$C0 - eor $D2,$D2,$D0 - st1.8 {$A2-$D2},[$out],#64 + st1.8 {$xa0-$xd0},[$out],#64 + add $xa2,$xa2, at K[0] + add $xb2,$xb2, at K[1] + add $xc2,$xc2, at K[2] + add $xd2,$xd2, at K[3] + ld1.8 {$xa0-$xd0},[$inp],#64 + + eor $xa1,$xa1,$xt0 + eor $xb1,$xb1,$xt1 + eor $xc1,$xc1,$xt2 + eor $xd1,$xd1,$xt3 + st1.8 {$xa1-$xd1},[$out],#64 + add $xa3,$xa3, at K[0] + add $xb3,$xb3, at K[1] + add $xc3,$xc3, at K[2] + add $xd3,$xd3, at K[3] + ld1.8 {$xa1-$xd1},[$inp],#64 + + eor $xa2,$xa2,$xa0 + eor $xb2,$xb2,$xb0 + eor $xc2,$xc2,$xc0 + eor $xd2,$xd2,$xd0 + st1.8 {$xa2-$xd2},[$out],#64 + + eor $xa3,$xa3,$xa1 + eor $xb3,$xb3,$xb1 + eor $xc3,$xc3,$xc1 + eor $xd3,$xd3,$xd1 + st1.8 {$xa3-$xd3},[$out],#64 b.hi .Loop_outer_neon + ldp d8,d9,[sp] // meet ABI requirements + ldp x19,x20,[x29,#16] add sp,sp,#64 ldp x21,x22,[x29,#32] @@ -573,8 +666,10 @@ $code.=<<___; .inst 0xd50323bf // autiasp ret +.align 4 .Ltail_neon: - add $len,$len,#256 + add $len,$len,#320 + ldp d8,d9,[sp] // meet ABI requirements cmp $len,#64 b.lo .Less_than_64 @@ -591,7 +686,7 @@ $code.=<<___; add @x[14], at x[14], at x[15],lsl#32 ldp @x[13], at x[15],[$inp,#48] add $inp,$inp,#64 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -611,48 +706,68 @@ $code.=<<___; eor @x[14], at x[14], at x[15] stp @x[0], at x[2],[$out,#0] // store output - add @d[6], at d[6],#4 // increment counter + add $xa0,$xa0, at K[0] // accumulate key block stp @x[4], at x[6],[$out,#16] + add $xb0,$xb0, at K[1] stp @x[8], at x[10],[$out,#32] + add $xc0,$xc0, at K[2] stp @x[12], at x[14],[$out,#48] + add $xd0,$xd0, at K[3] add $out,$out,#64 b.eq .Ldone_neon sub $len,$len,#64 cmp $len,#64 - b.lo .Less_than_128 - - ld1.8 {$T0-$T3},[$inp],#64 - eor $A0,$A0,$T0 - eor $B0,$B0,$T1 - eor $C0,$C0,$T2 - eor $D0,$D0,$T3 - st1.8 {$A0-$D0},[$out],#64 + b.lo .Last_neon + + ld1.8 {$xt0-$xt3},[$inp],#64 + eor $xa0,$xa0,$xt0 + eor $xb0,$xb0,$xt1 + eor $xc0,$xc0,$xt2 + eor $xd0,$xd0,$xt3 + st1.8 {$xa0-$xd0},[$out],#64 b.eq .Ldone_neon + + add $xa0,$xa1, at K[0] + add $xb0,$xb1, at K[1] sub $len,$len,#64 + add $xc0,$xc1, at K[2] cmp $len,#64 - b.lo .Less_than_192 - - ld1.8 {$T0-$T3},[$inp],#64 - eor $A1,$A1,$T0 - eor $B1,$B1,$T1 - eor $C1,$C1,$T2 - eor $D1,$D1,$T3 - st1.8 {$A1-$D1},[$out],#64 + add $xd0,$xd1, at K[3] + b.lo .Last_neon + + ld1.8 {$xt0-$xt3},[$inp],#64 + eor $xa1,$xa0,$xt0 + eor $xb1,$xb0,$xt1 + eor $xc1,$xc0,$xt2 + eor $xd1,$xd0,$xt3 + st1.8 {$xa1-$xd1},[$out],#64 b.eq .Ldone_neon - sub $len,$len,#64 - st1.8 {$A2-$D2},[sp] - b .Last_neon + add $xa0,$xa2, at K[0] + add $xb0,$xb2, at K[1] + sub $len,$len,#64 + add $xc0,$xc2, at K[2] + cmp $len,#64 + add $xd0,$xd2, at K[3] + b.lo .Last_neon + + ld1.8 {$xt0-$xt3},[$inp],#64 + eor $xa2,$xa0,$xt0 + eor $xb2,$xb0,$xt1 + eor $xc2,$xc0,$xt2 + eor $xd2,$xd0,$xt3 + st1.8 {$xa2-$xd2},[$out],#64 + b.eq .Ldone_neon -.Less_than_128: - st1.8 {$A0-$D0},[sp] - b .Last_neon -.Less_than_192: - st1.8 {$A1-$D1},[sp] - b .Last_neon + add $xa0,$xa3, at K[0] + add $xb0,$xb3, at K[1] + add $xc0,$xc3, at K[2] + add $xd0,$xd3, at K[3] + sub $len,$len,#64 -.align 4 .Last_neon: + st1.8 {$xa0-$xd0},[sp] + sub $out,$out,#1 add $inp,$inp,$len add $out,$out,$len @@ -685,9 +800,41 @@ $code.=<<___; .size ChaCha20_neon,.-ChaCha20_neon ___ { +my @K = map("v$_.4s",(0..6)); my ($T0,$T1,$T2,$T3,$T4,$T5)=@K; my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2, - $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(0..23)); + $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(8..31)); +my $rot24 = @K[6]; +my $ONE = "v7.4s"; + +sub NEONROUND { +my $odd = pop; +my ($a,$b,$c,$d,$t)=@_; + + ( + "&add ('$a','$a','$b')", + "&eor ('$d','$d','$a')", + "&rev32_16 ('$d','$d')", # vrot ($d,16) + + "&add ('$c','$c','$d')", + "&eor ('$t','$b','$c')", + "&ushr ('$b','$t',20)", + "&sli ('$b','$t',12)", + + "&add ('$a','$a','$b')", + "&eor ('$d','$d','$a')", + "&tbl ('$d','{$d}','$rot24')", + + "&add ('$c','$c','$d')", + "&eor ('$t','$b','$c')", + "&ushr ('$b','$t',25)", + "&sli ('$b','$t',7)", + + "&ext ('$c','$c','$c',8)", + "&ext ('$d','$d','$d',$odd?4:12)", + "&ext ('$b','$b','$b',$odd?12:4)" + ); +} $code.=<<___; .type ChaCha20_512_neon,%function @@ -707,6 +854,7 @@ ChaCha20_512_neon: .L512_or_more_neon: sub sp,sp,#128+64 + eor $ONE,$ONE,$ONE ldp @d[0], at d[1],[@x[0]] // load sigma ld1 {@K[0]},[@x[0]],#16 ldp @d[2], at d[3],[$key] // load key @@ -714,8 +862,9 @@ ChaCha20_512_neon: ld1 {@K[1], at K[2]},[$key] ldp @d[6], at d[7],[$ctr] // load counter ld1 {@K[3]},[$ctr] - ld1 {$ONE},[@x[0]] -#ifdef __ARMEB__ + ld1 {$ONE}[0],[@x[0]] + add $key, at x[0],#16 // .Lrot24 +#ifdef __AARCH64EB__ rev64 @K[0], at K[0] ror @d[2], at d[2],#32 ror @d[3], at d[3],#32 @@ -782,9 +931,10 @@ ChaCha20_512_neon: mov $C4, at K[2] stp @K[3], at K[4],[sp,#48] // off-load key block, variable part mov $C5, at K[2] - str @K[5],[sp,#80] + stp @K[5], at K[6],[sp,#80] mov $ctr,#5 + ld1 {$rot24},[$key] subs $len,$len,#512 .Loop_upper_neon: sub $ctr,$ctr,#1 @@ -857,7 +1007,7 @@ $code.=<<___; add @x[14], at x[14], at x[15],lsl#32 ldp @x[13], at x[15],[$inp,#48] add $inp,$inp,#64 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -946,6 +1096,7 @@ $code.=<<___; add.32 @x[2], at x[2], at d[1] ldp @K[4], at K[5],[sp,#64] add @x[3], at x[3], at d[1],lsr#32 + ldr @K[6],[sp,#96] add $A0,$A0, at K[0] add.32 @x[4], at x[4], at d[2] add $A1,$A1, at K[0] @@ -998,7 +1149,7 @@ $code.=<<___; add $inp,$inp,#64 add $B5,$B5, at K[1] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev @x[0], at x[0] rev @x[2], at x[2] rev @x[4], at x[4] @@ -1076,24 +1227,24 @@ $code.=<<___; b.hs .Loop_outer_512_neon adds $len,$len,#512 - ushr $A0,$ONE,#2 // 4 -> 1 + ushr $ONE,$ONE,#1 // 4 -> 2 ldp d8,d9,[sp,#128+0] // meet ABI requirements ldp d10,d11,[sp,#128+16] ldp d12,d13,[sp,#128+32] ldp d14,d15,[sp,#128+48] - stp @K[0],$ONE,[sp,#0] // wipe off-load area - stp @K[0],$ONE,[sp,#32] - stp @K[0],$ONE,[sp,#64] + stp @K[0], at K[0],[sp,#0] // wipe off-load area + stp @K[0], at K[0],[sp,#32] + stp @K[0], at K[0],[sp,#64] b.eq .Ldone_512_neon + sub $key,$key,#16 // .Lone cmp $len,#192 - sub @K[3], at K[3],$A0 // -= 1 - sub @K[4], at K[4],$A0 - sub @K[5], at K[5],$A0 add sp,sp,#128 + sub @K[3], at K[3],$ONE // -= 2 + ld1 {$CTR,$ROT24},[$key] b.hs .Loop_outer_neon eor @K[1], at K[1], at K[1] @@ -1123,9 +1274,11 @@ foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/geo; (s/\b([a-z]+)\.32\b/$1/ and (s/x([0-9]+)/w$1/g or 1)) or - (m/\b(eor|ext|mov)\b/ and (s/\.4s/\.16b/g or 1)) or + (m/\b(eor|ext|mov|tbl)\b/ and (s/\.4s/\.16b/g or 1)) or (s/\b((?:ld|st)1)\.8\b/$1/ and (s/\.4s/\.16b/g or 1)) or (m/\b(ld|st)[rp]\b/ and (s/v([0-9]+)\.4s/q$1/g or 1)) or + (m/\b(dup|ld1)\b/ and (s/\.4(s}?\[[0-3]\])/.$1/g or 1)) or + (s/\b(zip[12])\.64\b/$1/ and (s/\.4s/\.2d/g or 1)) or (s/\brev32\.16\b/rev32/ and (s/\.4s/\.8h/g or 1)); #s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index e891583..fbc49d1 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -42,6 +42,7 @@ # Denver 0.51 0.65 6.02 # Mongoose 0.65 1.10 8.06 # Kryo 0.76 1.16 8.00 +# ThunderX2 1.05 # # (*) presented for reference/comparison purposes; diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index b7aa7dc..b5dd61e 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -29,6 +29,7 @@ # X-Gene 2.13/+68% 2.27 # Mongoose 1.77/+75% 1.12 # Kryo 2.70/+55% 1.13 +# ThunderX2 1.17/+95% 1.36 # # (*) estimate based on resources availability is less than 1.0, # i.e. measured result is worse than expected, presumably binary diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index bd15a52..dc72f18 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -51,6 +51,7 @@ # Kryo 12 # Denver 7.8 # Apple A7 7.2 +# ThunderX2 9.7 # # (*) Corresponds to SHA3-256. No improvement coefficients are listed # because they vary too much from compiler to compiler. Newer diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl index 7a0cbf5..12403eb 100644 --- a/crypto/sha/asm/sha1-armv8.pl +++ b/crypto/sha/asm/sha1-armv8.pl @@ -27,6 +27,7 @@ # X-Gene 8.80 (+200%) # Mongoose 2.05 6.50 (+160%) # Kryo 1.88 8.00 (+90%) +# ThunderX2 2.64 6.36 (+150%) # # (*) Software results are presented mostly for reference purposes. # (**) Keep in mind that Denver relies on binary translation, which diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl index f7c6721..b9ba05b 100644 --- a/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/sha/asm/sha512-armv8.pl @@ -28,6 +28,7 @@ # X-Gene 20.0 (+100%) 12.8 (+300%(***)) # Mongoose 2.36 13.0 (+50%) 8.36 (+33%) # Kryo 1.92 17.4 (+30%) 11.2 (+8%) +# ThunderX2 2.54 13.2 (+40%) 8.40 (+18%) # # (*) Software SHA256 results are of lesser relevance, presented # mostly for informational purposes. From builds at travis-ci.org Thu Apr 18 09:46:00 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Apr 2019 09:46:00 +0000 Subject: Still Failing: openssl/openssl#24808 (master - 86a7ac5) In-Reply-To: Message-ID: <5cb847589fbb6_43ff29ef1efe812014f@53f05eca-24cc-4911-b156-7782a087e54b.mail> Build Update for openssl/openssl ------------------------------------- Build: #24808 Status: Still Failing Duration: 22 mins and 14 secs Commit: 86a7ac5 (master) Author: Andy Polyakov Message: chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1. The change is triggered by ThunderX2 where 3+1 was slower than scalar code path, but it helps all processors [to handle <512 inputs]. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8776) View the changeset: https://github.com/openssl/openssl/compare/ad7e17dd6c8a...86a7ac5e76fd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/521633119?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 18 11:30:04 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Apr 2019 11:30:04 +0000 Subject: Build failed: openssl master.24215 Message-ID: <20190418113004.1.0CF20B5FD6EFDEFF@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Apr 18 11:43:32 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 18 Apr 2019 11:43:32 +0000 Subject: [openssl] master update Message-ID: <1555587812.093099.17046.nullmailer@dev.openssl.org> The branch master has been updated via 87d9955e8cd2f1a2aa7f3a3e1da6c3c828070da1 (commit) from 86a7ac5e76fd3df9a5c3422153ae5a3e4f99b3a8 (commit) - Log ----------------------------------------------------------------- commit 87d9955e8cd2f1a2aa7f3a3e1da6c3c828070da1 Author: Simo Sorce Date: Wed Apr 17 10:48:49 2019 -0400 Add SSHKDF in evp_kdf_test Signed-off-by: Simo Sorce Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8774) ----------------------------------------------------------------------- Summary of changes: test/evp_kdf_test.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 4215fe3..955daf7 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -253,6 +253,60 @@ static int test_kdf_ss_kmac(void) return ret; } +static int test_kdf_sshkdf(void) +{ + int ret; + EVP_KDF_CTX *kctx; + unsigned char out[8]; + /* Test data from NIST CAVS 14.1 test vectors */ + const unsigned char key[] = { + 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a, + 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a, + 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa, + 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78, + 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2, + 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90, + 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80, + 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2, + 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08, + 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43, + 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14, + 0x4e + }; + const unsigned char xcghash[] = { + 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, + 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, + 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 + }; + const unsigned char sessid[] = { + 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, + 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, + 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 + }; + const unsigned char expected[sizeof(out)] = { + 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 + }; + + ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), + 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, + sizeof(key)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, + xcghash, sizeof(xcghash)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, + sessid, sizeof(sessid)), 0) + && TEST_int_gt( + EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, + (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), + 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + + EVP_KDF_CTX_free(kctx); + return ret; +} + int setup_tests(void) { ADD_TEST(test_kdf_tls1_prf); @@ -264,5 +318,6 @@ int setup_tests(void) ADD_TEST(test_kdf_ss_hash); ADD_TEST(test_kdf_ss_hmac); ADD_TEST(test_kdf_ss_kmac); + ADD_TEST(test_kdf_sshkdf); return 1; } From builds at travis-ci.org Thu Apr 18 12:02:37 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Apr 2019 12:02:37 +0000 Subject: Still Failing: openssl/openssl#24811 (master - 87d9955) In-Reply-To: Message-ID: <5cb8675d33415_43faafd2e1bb0152459@b85ba0a1-1a63-46cc-81b0-331ea744e151.mail> Build Update for openssl/openssl ------------------------------------- Build: #24811 Status: Still Failing Duration: 18 mins and 23 secs Commit: 87d9955 (master) Author: Simo Sorce Message: Add SSHKDF in evp_kdf_test Signed-off-by: Simo Sorce Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8774) View the changeset: https://github.com/openssl/openssl/compare/86a7ac5e76fd...87d9955e8cd2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/521678649?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 18 12:39:30 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Apr 2019 12:39:30 +0000 Subject: Build completed: openssl master.24216 Message-ID: <20190418123930.1.35218D5C5650E36A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 18 14:08:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Apr 2019 14:08:07 +0000 Subject: Build failed: openssl master.24219 Message-ID: <20190418140807.1.F5F9E60E6722631E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 18 14:38:33 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Apr 2019 14:38:33 +0000 Subject: Build failed: openssl master.24220 Message-ID: <20190418143833.1.FEB8919B624D8CC3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 18 15:13:48 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 18 Apr 2019 15:13:48 +0000 Subject: Build completed: openssl master.24221 Message-ID: <20190418151348.1.1BB8735258D64F79@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Apr 18 17:20:59 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 18 Apr 2019 17:20:59 +0000 Subject: [openssl] master update Message-ID: <1555608059.468607.9572.nullmailer@dev.openssl.org> The branch master has been updated via 4f29f3a29b8b416a501c7166dbbca5284b198f81 (commit) from 87d9955e8cd2f1a2aa7f3a3e1da6c3c828070da1 (commit) - Log ----------------------------------------------------------------- commit 4f29f3a29b8b416a501c7166dbbca5284b198f81 Author: Richard Levitte Date: Mon Apr 15 13:15:55 2019 +0200 asn1parse: avoid double free |str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8753) ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 4c1ce48..14f1dca 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -170,17 +170,17 @@ int asn1parse_main(int argc, char **argv) if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) goto end; + if ((buf = BUF_MEM_new()) == NULL) + goto end; if (strictpem) { - if (PEM_read_bio(in, &name, &header, &str, &num) != - 1) { + if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } + buf->data = (char *)str; + buf->length = buf->max = num; } else { - - if ((buf = BUF_MEM_new()) == NULL) - goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ @@ -303,8 +303,6 @@ int asn1parse_main(int argc, char **argv) BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); - if (strictpem) - OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); return ret; From levitte at openssl.org Thu Apr 18 17:22:01 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 18 Apr 2019 17:22:01 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555608121.302832.10555.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 18111b130abc0f53b41abbbf82b27d7232ec99f2 (commit) from 2456ae5763dc4b036b3b4cdb9b98de5d46dd221f (commit) - Log ----------------------------------------------------------------- commit 18111b130abc0f53b41abbbf82b27d7232ec99f2 Author: Richard Levitte Date: Mon Apr 15 13:15:55 2019 +0200 asn1parse: avoid double free |str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8753) (cherry picked from commit 4f29f3a29b8b416a501c7166dbbca5284b198f81) ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 62c70b9..c9a843a 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -170,17 +170,17 @@ int asn1parse_main(int argc, char **argv) if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) goto end; + if ((buf = BUF_MEM_new()) == NULL) + goto end; if (strictpem) { - if (PEM_read_bio(in, &name, &header, &str, &num) != - 1) { + if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } + buf->data = (char *)str; + buf->length = buf->max = num; } else { - - if ((buf = BUF_MEM_new()) == NULL) - goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ @@ -303,8 +303,6 @@ int asn1parse_main(int argc, char **argv) BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); - if (strictpem) - OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); return ret; From builds at travis-ci.org Thu Apr 18 17:43:54 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Apr 2019 17:43:54 +0000 Subject: Still Failing: openssl/openssl#24824 (master - 4f29f3a) In-Reply-To: Message-ID: <5cb8b75a3cbd1_43fc8217b62e4202668@bb7208a3-ee5a-4c4b-9146-792adc71994e.mail> Build Update for openssl/openssl ------------------------------------- Build: #24824 Status: Still Failing Duration: 22 mins and 9 secs Commit: 4f29f3a (master) Author: Richard Levitte Message: asn1parse: avoid double free |str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8753) View the changeset: https://github.com/openssl/openssl/compare/87d9955e8cd2...4f29f3a29b8b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/521823077?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 18 17:56:49 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 18 Apr 2019 17:56:49 +0000 Subject: Still Failing: openssl/openssl#24825 (OpenSSL_1_1_1-stable - 18111b1) In-Reply-To: Message-ID: <5cb8ba60ed9f6_43ff29ff4c7582881bb@53f05eca-24cc-4911-b156-7782a087e54b.mail> Build Update for openssl/openssl ------------------------------------- Build: #24825 Status: Still Failing Duration: 25 mins and 32 secs Commit: 18111b1 (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: asn1parse: avoid double free |str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8753) (cherry picked from commit 4f29f3a29b8b416a501c7166dbbca5284b198f81) View the changeset: https://github.com/openssl/openssl/compare/2456ae5763dc...18111b130abc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/521823496?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 19 01:47:04 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Apr 2019 01:47:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555638424.106804.3830.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 4f29f3a29b asn1parse: avoid double free 87d9955e8c Add SSHKDF in evp_kdf_test 86a7ac5e76 chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1. d6e4287c97 aes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2. 6465321e40 ARM64 assembly pack: add ThunderX2 results. Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15271: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Fri Apr 19 05:46:53 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 19 Apr 2019 05:46:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555652813.816992.16302.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 4f29f3a29b asn1parse: avoid double free 87d9955e8c Add SSHKDF in evp_kdf_test 86a7ac5e76 chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1. d6e4287c97 aes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2. 6465321e40 ARM64 assembly pack: add ThunderX2 results. Build log ended with (last 100 lines): crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:44: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:30: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:40: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:49: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:56: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:68: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:73: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6880: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:106: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: more undefined references to `__afl_prev_loc' follow test/p_test-dso-p_test.o: In function `p_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6956: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Fri Apr 19 08:26:04 2019 From: levitte at openssl.org (Richard Levitte) Date: Fri, 19 Apr 2019 08:26:04 +0000 Subject: [openssl] master update Message-ID: <1555662364.761642.16286.nullmailer@dev.openssl.org> The branch master has been updated via 1393722af384cdf310645c598bbd06a3bbaa2f31 (commit) via bcb5d42171386709c716312b711a0c15aa368f3f (commit) via e019da7b6ff54822e307daf804f7fe78ec352457 (commit) from 4f29f3a29b8b416a501c7166dbbca5284b198f81 (commit) - Log ----------------------------------------------------------------- commit 1393722af384cdf310645c598bbd06a3bbaa2f31 Author: Richard Levitte Date: Thu Apr 18 17:46:32 2019 +0200 ossl_method_store_cache_get(): ensure non-NULL property query The comparator further down the call stack doesn't tolerate NULL, so if we got that as input, use the empty string. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8781) commit bcb5d42171386709c716312b711a0c15aa368f3f Author: Richard Levitte Date: Thu Apr 18 16:33:21 2019 +0200 OPENSSL_LH_flush(): assign NULL after freeing OPENSSL_LH_flush() frees the linked lists for each slot, but didn't set the list head to NULL after doing so, with the result that an operation that affects these lists is likely to cause a crash. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8781) commit e019da7b6ff54822e307daf804f7fe78ec352457 Author: Richard Levitte Date: Thu Apr 18 12:23:21 2019 +0200 Fix the generic EVP algorithm fetch to actually cache them ossl_method_store_cache_get() and ossl_method_store_cache_set() were called with a NULL argument for store, which means no caching is done. Give them a real store instead. Also, increment the refcount when we do get a method out of the cache. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8781) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_fetch.c | 10 ++++++++-- crypto/lhash/lhash.c | 1 + crypto/property/property.c | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 012383f..c054f31 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -173,11 +173,15 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, void (*free_method)(void *), int (*nid_method)(void *)) { + OSSL_METHOD_STORE *store = get_default_method_store(libctx); int nid = OBJ_sn2nid(algorithm); void *method = NULL; + if (store == NULL) + return NULL; + if (nid == NID_undef - || !ossl_method_store_cache_get(NULL, nid, properties, &method)) { + || !ossl_method_store_cache_get(store, nid, properties, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { alloc_tmp_method_store, dealloc_tmp_method_store, @@ -198,7 +202,9 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, method = ossl_method_construct(libctx, operation_id, algorithm, properties, 0 /* !force_cache */, &mcm, &mcmdata); - ossl_method_store_cache_set(NULL, nid, properties, method); + ossl_method_store_cache_set(store, nid, properties, method); + } else { + upref_method(method); } return method; diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index aa0ca1c..e3c7ac4 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -98,6 +98,7 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh) OPENSSL_free(n); n = nn; } + lh->b[i] = NULL; } } diff --git a/crypto/property/property.c b/crypto/property/property.c index 1a3d0c4..a2122dc 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -450,7 +450,7 @@ int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid, return 0; } - elem.query = prop_query; + elem.query = prop_query != NULL ? prop_query : ""; r = lh_QUERY_retrieve(alg->cache, &elem); if (r == NULL) { ossl_property_unlock(store); From matt at openssl.org Fri Apr 19 08:36:24 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Apr 2019 08:36:24 +0000 Subject: [openssl] master update Message-ID: <1555662984.609842.12941.nullmailer@dev.openssl.org> The branch master has been updated via 6caf7f3aec5484ee65067e9671299d3411565dc1 (commit) via 64adf9aac765f0872c33d225c57e5c128f5d7c69 (commit) via 3a7b15e484f950d4cb4061d93839802ecb74f8e5 (commit) via dcd446f1005f5c99768965a11c10dd6c7b6aee59 (commit) via 3b94944cf2d6476d1b8ac7949bf8b28abb644426 (commit) via 344cfa34e5b07f8b8b7f1e70f47f5d265c9c1185 (commit) via 819a7ae9fc7721f675757c0925821f91b20dfc8f (commit) via 75dd6d64f1f3afd6fda024d8d91bc2a216bbfcf9 (commit) via ed98df51c69717529dd7d775b35430c036216339 (commit) via 718b133a5328108099ecac0bf40d8fd4886e7b64 (commit) via f4a129bb8dc26488e29b06e06e96a76c93f966be (commit) via 861b8f8747965bf98d9dd328196b8092e709c99d (commit) via aab26e6f7b437f7d4bace03cd855a33d7a34d927 (commit) via df05f2ce6d496232f3c86acb299a128d0eb3ef42 (commit) from 1393722af384cdf310645c598bbd06a3bbaa2f31 (commit) - Log ----------------------------------------------------------------- commit 6caf7f3aec5484ee65067e9671299d3411565dc1 Author: Matt Caswell Date: Thu Apr 18 17:43:05 2019 +0100 Create provider errors and use them Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 64adf9aac765f0872c33d225c57e5c128f5d7c69 Author: Matt Caswell Date: Tue Apr 16 15:37:23 2019 +0100 Fix the S390X support for the basic AES ciphers Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 3a7b15e484f950d4cb4061d93839802ecb74f8e5 Author: Matt Caswell Date: Mon Apr 15 15:33:58 2019 +0100 Add forward declarations of the AES dispatch table functions Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit dcd446f1005f5c99768965a11c10dd6c7b6aee59 Author: Matt Caswell Date: Wed Apr 10 13:54:38 2019 +0100 Make implementation of blocksize, iv_length and key_length mandatory Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 3b94944cf2d6476d1b8ac7949bf8b28abb644426 Author: Matt Caswell Date: Wed Apr 10 13:43:45 2019 +0100 Add a maximum output length to update and final calls Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 344cfa34e5b07f8b8b7f1e70f47f5d265c9c1185 Author: Matt Caswell Date: Wed Apr 10 13:23:58 2019 +0100 Add iv length and key length params to the cipher init calls Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 819a7ae9fc7721f675757c0925821f91b20dfc8f Author: Matt Caswell Date: Mon Apr 8 17:19:59 2019 +0100 Implement AES CTR ciphers in the default provider Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 75dd6d64f1f3afd6fda024d8d91bc2a216bbfcf9 Author: Matt Caswell Date: Mon Apr 8 17:13:01 2019 +0100 Implement AES CFB ciphers in the default provider Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit ed98df51c69717529dd7d775b35430c036216339 Author: Matt Caswell Date: Mon Apr 8 16:55:34 2019 +0100 Implement AES OFB ciphers in the default provider Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 718b133a5328108099ecac0bf40d8fd4886e7b64 Author: Matt Caswell Date: Wed Apr 3 18:01:21 2019 +0100 Implement AES CBC ciphers in the default provider Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit f4a129bb8dc26488e29b06e06e96a76c93f966be Author: Matt Caswell Date: Wed Apr 3 16:53:22 2019 +0100 Add support in the default provider for 192/128 bit AES ECB Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit 861b8f8747965bf98d9dd328196b8092e709c99d Author: Matt Caswell Date: Wed Apr 3 16:39:34 2019 +0100 Add the provider_algs.h internal header file Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit aab26e6f7b437f7d4bace03cd855a33d7a34d927 Author: Matt Caswell Date: Wed Apr 3 15:34:08 2019 +0100 Implement support for AES-256-ECB in the default provider We also lay the ground work for various of other the basic AES ciphers. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) commit df05f2ce6d496232f3c86acb299a128d0eb3ef42 Author: Matt Caswell Date: Wed Apr 3 15:38:07 2019 +0100 Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) ----------------------------------------------------------------------- Summary of changes: build.info | 2 +- crypto/err/err.c | 1 + crypto/err/err_all.c | 4 +- crypto/err/openssl.ec | 1 + crypto/err/openssl.txt | 27 + crypto/evp/cmeth_lib.c | 32 +- crypto/evp/digest.c | 2 +- crypto/evp/evp_enc.c | 531 ++++++++++++- crypto/evp/evp_err.c | 7 + crypto/evp/evp_lib.c | 133 +++- crypto/evp/evp_locl.h | 4 + crypto/include/internal/evp_int.h | 24 + include/openssl/core_names.h | 6 + include/openssl/core_numbers.h | 55 +- include/openssl/err.h | 2 + include/openssl/evp.h | 5 +- include/openssl/evperr.h | 4 + providers/build.info | 2 +- providers/common/build.info | 5 +- providers/common/ciphers/aes.c | 470 +++++++++++ providers/common/ciphers/aes_basic.c | 866 +++++++++++++++++++++ providers/common/ciphers/block.c | 118 +++ providers/common/ciphers/build.info | 4 + providers/common/ciphers/ciphers_locl.h | 107 +++ providers/common/digests/sha2.c | 4 +- providers/common/include/internal/provider_algs.h | 34 + .../common/include/internal/providercommon.h | 0 .../common/include/internal/providercommonerr.h | 54 ++ providers/common/provider_err.c | 67 ++ providers/default/defltprov.c | 30 +- providers/legacy/digests/md2.c | 2 +- util/ck_errf.pl | 3 +- util/libcrypto.num | 3 + util/mkerr.pl | 3 +- 34 files changed, 2550 insertions(+), 62 deletions(-) create mode 100644 providers/common/ciphers/aes.c create mode 100644 providers/common/ciphers/aes_basic.c create mode 100644 providers/common/ciphers/block.c create mode 100644 providers/common/ciphers/build.info create mode 100644 providers/common/ciphers/ciphers_locl.h create mode 100644 providers/common/include/internal/provider_algs.h copy fuzz/corpora/ct/e53301b7bba90f14da5195be2e47ec3f88924694 => providers/common/include/internal/providercommon.h (100%) create mode 100644 providers/common/include/internal/providercommonerr.h create mode 100644 providers/common/provider_err.c diff --git a/build.info b/build.info index a0ecb21..ce5dfd0 100644 --- a/build.info +++ b/build.info @@ -3,7 +3,7 @@ SUBDIRS=crypto ssl apps test util tools fuzz engines providers LIBS=libcrypto libssl -INCLUDE[libcrypto]=. crypto/include include +INCLUDE[libcrypto]=. crypto/include include providers/common/include INCLUDE[libssl]=. include DEPEND[libssl]=libcrypto diff --git a/crypto/err/err.c b/crypto/err/err.c index 4548854..345d230 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -66,6 +66,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"}, {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"}, + {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"}, {0, NULL}, }; diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 1166b01..af44467 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -41,6 +41,7 @@ #include #include #include "internal/propertyerr.h" +#include "internal/providercommonerr.h" int err_load_crypto_strings_int(void) { @@ -102,7 +103,8 @@ int err_load_crypto_strings_int(void) #endif ERR_load_KDF_strings() == 0 || ERR_load_OSSL_STORE_strings() == 0 || - ERR_load_PROP_strings() == 0) + ERR_load_PROP_strings() == 0 || + ERR_load_PROV_strings() == 0) return 0; return 1; diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index a204434..b28aa49 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -37,6 +37,7 @@ L SM2 crypto/include/internal/sm2.h crypto/sm2/sm2_err.c L OSSL_STORE include/openssl/store.h crypto/store/store_err.c L ESS include/openssl/ess.h crypto/ess/ess_err.c L PROP include/internal/property.h crypto/property/property_err.c +L PROV providers/common/include/internal/providercommon.h providers/common/provider_err.c # additional header files to be scanned for function names L NONE include/openssl/x509_vfy.h NONE diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 18aa16c..5c444f5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -785,6 +785,9 @@ EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length +EVP_F_EVP_CIPHER_CTX_SET_PADDING:237:EVP_CIPHER_CTX_set_padding +EVP_F_EVP_CIPHER_FROM_DISPATCH:238:evp_cipher_from_dispatch +EVP_F_EVP_CIPHER_MODE:239:EVP_CIPHER_mode EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate @@ -1102,6 +1105,21 @@ PROP_F_PARSE_NUMBER:104:parse_number PROP_F_PARSE_OCT:105:parse_oct PROP_F_PARSE_STRING:106:parse_string PROP_F_PARSE_UNQUOTED:107:parse_unquoted +PROV_F_AESNI_INIT_KEY:101:aesni_init_key +PROV_F_AES_BLOCK_FINAL:102:aes_block_final +PROV_F_AES_BLOCK_UPDATE:103:aes_block_update +PROV_F_AES_CIPHER:104:aes_cipher +PROV_F_AES_CTX_GET_PARAMS:105:aes_ctx_get_params +PROV_F_AES_CTX_SET_PARAMS:106:aes_ctx_set_params +PROV_F_AES_DINIT:107:aes_dinit +PROV_F_AES_DUPCTX:108:aes_dupctx +PROV_F_AES_EINIT:109:aes_einit +PROV_F_AES_INIT_KEY:110:aes_init_key +PROV_F_AES_STREAM_UPDATE:111:aes_stream_update +PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key +PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init +PROV_F_TRAILINGDATA:114:trailingdata +PROV_F_UNPADBLOCK:100:unpadblock RAND_F_DRBG_BYTES:101:drbg_bytes RAND_F_DRBG_CTR_INIT:125:drbg_ctr_init RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy @@ -2381,6 +2399,7 @@ EVP_R_INVALID_FIPS_MODE:168:invalid fips mode EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length EVP_R_INVALID_OPERATION:148:invalid operation +EVP_R_INVALID_PROVIDER_FUNCTIONS:193:invalid provider functions EVP_R_INVALID_SALT_LENGTH:186:invalid salt length EVP_R_KEYGEN_FAILURE:120:keygen failure EVP_R_KEY_SETUP_FAILED:180:key setup failed @@ -2604,6 +2623,14 @@ PROP_R_NO_VALUE:107:no value PROP_R_PARSE_FAILED:108:parse failed PROP_R_STRING_TOO_LONG:109:string too long PROP_R_TRAILING_CHARACTERS:110:trailing characters +PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed +PROV_R_BAD_DECRYPT:100:bad decrypt +PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed +PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter +PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter +PROV_R_INVALID_KEYLEN:105:invalid keylen +PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small +PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long RAND_R_ALREADY_INSTANTIATED:103:already instantiated RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 6c328c0..0520157 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -11,6 +11,7 @@ #include #include "internal/evp_int.h" +#include "internal/provider.h" #include "evp_locl.h" EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) @@ -21,6 +22,12 @@ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) cipher->nid = cipher_type; cipher->block_size = block_size; cipher->key_len = key_len; + cipher->lock = CRYPTO_THREAD_lock_new(); + if (cipher->lock == NULL) { + OPENSSL_free(cipher); + return NULL; + } + cipher->refcnt = 1; } return cipher; } @@ -30,14 +37,35 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, cipher->key_len); - if (to != NULL) + if (to != NULL) { + CRYPTO_RWLOCK *lock = to->lock; + memcpy(to, cipher, sizeof(*to)); + to->lock = lock; + } return to; } void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) { - OPENSSL_free(cipher); + if (cipher != NULL) { + int i; + + CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); + if (i > 0) + return; + ossl_provider_free(cipher->prov); + CRYPTO_THREAD_lock_free(cipher->lock); + OPENSSL_free(cipher); + } +} + +int EVP_CIPHER_upref(EVP_CIPHER *cipher) +{ + int ref = 0; + + CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); + return 1; } int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index e4787e6..043e456 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -517,7 +517,7 @@ static void *evp_md_from_dispatch(int mdtype, const OSSL_DISPATCH *fns, md->dinit = OSSL_get_OP_digest_init(fns); fncnt++; break; - case OSSL_FUNC_DIGEST_UPDDATE: + case OSSL_FUNC_DIGEST_UPDATE: if (md->dupdate != NULL) break; md->dupdate = OSSL_get_OP_digest_update(fns); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 641ad19..4426a81 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -15,25 +15,46 @@ #include #include #include +#include +#include #include "internal/evp_int.h" +#include "internal/provider.h" #include "evp_locl.h" -int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) { - if (c == NULL) + if (ctx == NULL) return 1; - if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) + + if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + goto legacy; + + if (ctx->provctx != NULL) { + if (ctx->cipher->freectx != NULL) + ctx->cipher->freectx(ctx->provctx); + ctx->provctx = NULL; + } + if (ctx->fetched_cipher != NULL) + EVP_CIPHER_meth_free(ctx->fetched_cipher); + memset(ctx, 0, sizeof(*ctx)); + + return 1; + + /* TODO(3.0): Remove legacy code below */ + legacy: + + if (ctx->cipher != NULL) { + if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx)) return 0; /* Cleanse cipher context data */ - if (c->cipher_data && c->cipher->ctx_size) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); + if (ctx->cipher_data && ctx->cipher->ctx_size) + OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); } - OPENSSL_free(c->cipher_data); + OPENSSL_free(ctx->cipher_data); #ifndef OPENSSL_NO_ENGINE - ENGINE_finish(c->engine); + ENGINE_finish(ctx->engine); #endif - memset(c, 0, sizeof(*c)); + memset(ctx, 0, sizeof(*ctx)); return 1; } @@ -60,13 +81,30 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { - if (enc == -1) + EVP_CIPHER *provciph = NULL; + ENGINE *tmpimpl = NULL; + const EVP_CIPHER *tmpcipher; + + /* + * enc == 1 means we are encrypting. + * enc == 0 means we are decrypting. + * enc == -1 means, use the previously initialised value for encrypt/decrypt + */ + if (enc == -1) { enc = ctx->encrypt; - else { + } else { if (enc) enc = 1; ctx->encrypt = enc; } + + if (cipher == NULL && ctx->cipher == NULL) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); + return 0; + } + + /* TODO(3.0): Legacy work around code below. Remove this */ + #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so @@ -77,11 +115,157 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->engine && ctx->cipher && (cipher == NULL || cipher->nid == ctx->cipher->nid)) goto skip_to_init; + + if (cipher != NULL && impl == NULL) { + /* Ask if an ENGINE is reserved for this job */ + tmpimpl = ENGINE_get_cipher_engine(cipher->nid); + } #endif - if (cipher) { + + /* + * If there are engines involved then we should use legacy handling for now. + */ + if (ctx->engine != NULL + || impl != NULL + || tmpimpl != NULL) { + if (ctx->cipher == ctx->fetched_cipher) + ctx->cipher = NULL; + EVP_CIPHER_meth_free(ctx->fetched_cipher); + ctx->fetched_cipher = NULL; + goto legacy; + } + + tmpcipher = (cipher == NULL) ? ctx->cipher : cipher; + + if (tmpcipher->prov == NULL) { + switch(tmpcipher->nid) { + case NID_aes_256_ecb: + case NID_aes_192_ecb: + case NID_aes_128_ecb: + case NID_aes_256_cbc: + case NID_aes_192_cbc: + case NID_aes_128_cbc: + case NID_aes_256_ofb128: + case NID_aes_192_ofb128: + case NID_aes_128_ofb128: + case NID_aes_256_cfb128: + case NID_aes_192_cfb128: + case NID_aes_128_cfb128: + case NID_aes_256_cfb1: + case NID_aes_192_cfb1: + case NID_aes_128_cfb1: + case NID_aes_256_cfb8: + case NID_aes_192_cfb8: + case NID_aes_128_cfb8: + case NID_aes_256_ctr: + case NID_aes_192_ctr: + case NID_aes_128_ctr: + break; + default: + goto legacy; + } + } + + /* + * Ensure a context left lying around from last time is cleared + * (legacy code) + */ + if (cipher != NULL && ctx->cipher != NULL) { + OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size); + ctx->cipher_data = NULL; + } + + + /* TODO(3.0): Start of non-legacy code below */ + + /* Ensure a context left lying around from last time is cleared */ + if (cipher != NULL && ctx->cipher != NULL) { + unsigned long flags = ctx->flags; + + EVP_CIPHER_CTX_reset(ctx); + /* Restore encrypt and flags */ + ctx->encrypt = enc; + ctx->flags = flags; + } + + if (cipher != NULL) + ctx->cipher = cipher; + else + cipher = ctx->cipher; + + if (cipher->prov == NULL) { + provciph = EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), ""); + if (provciph == NULL) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + cipher = provciph; + EVP_CIPHER_meth_free(ctx->fetched_cipher); + ctx->fetched_cipher = provciph; + } + + ctx->cipher = cipher; + if (ctx->provctx == NULL) { + ctx->provctx = ctx->cipher->newctx(); + if (ctx->provctx == NULL) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + + if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) { + /* + * If this ctx was already set up for no padding then we need to tell + * the new cipher about it. + */ + if (!EVP_CIPHER_CTX_set_padding(ctx, 0)) + return 0; + } + + switch (EVP_CIPHER_mode(ctx->cipher)) { + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + case EVP_CIPH_CBC_MODE: + /* For these modes we remember the original IV for later use */ + if (!ossl_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->oiv))) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + if (iv != NULL) + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + } + + if (enc) { + if (ctx->cipher->einit == NULL) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + return ctx->cipher->einit(ctx->provctx, + key, + EVP_CIPHER_CTX_key_length(ctx), + iv, + EVP_CIPHER_CTX_iv_length(ctx)); + } + + if (ctx->cipher->dinit == NULL) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + return ctx->cipher->dinit(ctx->provctx, + key, + EVP_CIPHER_CTX_key_length(ctx), + iv, + EVP_CIPHER_CTX_iv_length(ctx)); + + /* TODO(3.0): Remove legacy code below */ + legacy: + + if (cipher != NULL) { /* - * Ensure a context left lying around from last time is cleared (the - * previous check attempted to avoid this if the same ENGINE and + * Ensure a context left lying around from last time is cleared (we + * previously attempted to avoid this if the same ENGINE and * EVP_CIPHER could be used). */ if (ctx->cipher) { @@ -92,18 +276,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->flags = flags; } #ifndef OPENSSL_NO_ENGINE - if (impl) { + if (impl != NULL) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if (impl) { + } else { + impl = tmpimpl; + } + if (impl != NULL) { /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - if (!c) { + + if (c == NULL) { /* * One positive side-effect of US's export control history, * is that we should at least be able to avoid using US @@ -119,8 +304,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * from an ENGINE and we need to release it when done. */ ctx->engine = impl; - } else + } else { ctx->engine = NULL; + } #endif ctx->cipher = cipher; @@ -144,9 +330,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } } - } else if (!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); - return 0; } #ifndef OPENSSL_NO_ENGINE skip_to_init: @@ -377,12 +560,39 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { + int ret; + size_t soutl; + int blocksize; + /* Prevent accidental use of decryption context when encrypting */ if (!ctx->encrypt) { EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION); return 0; } + if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + goto legacy; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + if (ctx->cipher->cupdate == NULL || blocksize < 1) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR); + return 0; + } + ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, + inl + (blocksize == 1 ? 0 : blocksize), in, + (size_t)inl); + + if (soutl > INT_MAX) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR); + return 0; + } + *outl = soutl; + return ret; + + /* TODO(3.0): Remove legacy code below */ + legacy: + return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); } @@ -397,6 +607,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int n, ret; unsigned int i, b, bl; + size_t soutl; + int blocksize; /* Prevent accidental use of decryption context when encrypting */ if (!ctx->encrypt) { @@ -404,6 +616,30 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return 0; } + if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + goto legacy; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + if (blocksize < 1 || ctx->cipher->cfinal == NULL) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR); + return 0; + } + + ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl, + blocksize == 1 ? 0 : blocksize); + + if (soutl > INT_MAX) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR); + return 0; + } + *outl = soutl; + + return ret; + + /* TODO(3.0): Remove legacy code below */ + legacy: + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (ret < 0) @@ -444,8 +680,10 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int fix_len, cmpl = inl; + int fix_len, cmpl = inl, ret; unsigned int b; + size_t soutl; + int blocksize; /* Prevent accidental use of encryption context when decrypting */ if (ctx->encrypt) { @@ -453,6 +691,32 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } + if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + goto legacy; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + if (ctx->cipher->cupdate == NULL || blocksize < 1) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR); + return 0; + } + ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, + inl + (blocksize == 1 ? 0 : blocksize), in, + (size_t)inl); + + if (ret) { + if (soutl > INT_MAX) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR); + return 0; + } + *outl = soutl; + } + + return ret; + + /* TODO(3.0): Remove legacy code below */ + legacy: + b = ctx->cipher->block_size; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) @@ -527,6 +791,9 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i, n; unsigned int b; + size_t soutl; + int ret; + int blocksize; /* Prevent accidental use of encryption context when decrypting */ if (ctx->encrypt) { @@ -534,6 +801,32 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return 0; } + if (ctx->cipher == NULL || ctx->cipher->prov == NULL) + goto legacy; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + if (blocksize < 1 || ctx->cipher->cfinal == NULL) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR); + return 0; + } + + ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl, + blocksize == 1 ? 0 : blocksize); + + if (ret) { + if (soutl > INT_MAX) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR); + return 0; + } + *outl = soutl; + } + + return ret; + + /* TODO(3.0): Remove legacy code below */ + legacy: + *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { @@ -590,7 +883,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); - if (c->key_len == keylen) + if (EVP_CIPHER_CTX_key_length(c) == keylen) return 1; if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { c->key_len = keylen; @@ -606,6 +899,24 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; + + if (ctx->cipher != NULL && ctx->cipher->prov != NULL) { + OSSL_PARAM params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), + OSSL_PARAM_END + }; + + params[0].data = &pad; + + if (ctx->cipher->ctx_set_params == NULL) { + EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + if (!ctx->cipher->ctx_set_params(ctx->provctx, params)) + return 0; + } + return 1; } @@ -647,6 +958,36 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED); return 0; } + + if (in->cipher->prov == NULL) + goto legacy; + + if (in->cipher->dupctx == NULL) { + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX); + return 0; + } + + EVP_CIPHER_CTX_reset(out); + + *out = *in; + out->provctx = NULL; + + if (in->fetched_cipher != NULL && !EVP_CIPHER_upref(in->fetched_cipher)) { + out->fetched_cipher = NULL; + return 0; + } + + out->provctx = in->cipher->dupctx(in->provctx); + if (out->provctx == NULL) { + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX); + return 0; + } + + return 1; + + /* TODO(3.0): Remove legacy code below */ + legacy: + #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a cipher context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { @@ -676,3 +1017,141 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } return 1; } + +static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov) +{ + EVP_CIPHER *cipher = NULL; + int fnciphcnt = 0, fnctxcnt = 0; + + if ((cipher = EVP_CIPHER_meth_new(nid, 0, 0)) == NULL) + return NULL; + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_CIPHER_NEWCTX: + if (cipher->newctx != NULL) + break; + cipher->newctx = OSSL_get_OP_cipher_newctx(fns); + fnctxcnt++; + break; + case OSSL_FUNC_CIPHER_ENCRYPT_INIT: + if (cipher->einit != NULL) + break; + cipher->einit = OSSL_get_OP_cipher_encrypt_init(fns); + fnciphcnt++; + break; + case OSSL_FUNC_CIPHER_DECRYPT_INIT: + if (cipher->dinit != NULL) + break; + cipher->dinit = OSSL_get_OP_cipher_decrypt_init(fns); + fnciphcnt++; + break; + case OSSL_FUNC_CIPHER_UPDATE: + if (cipher->cupdate != NULL) + break; + cipher->cupdate = OSSL_get_OP_cipher_update(fns); + fnciphcnt++; + break; + case OSSL_FUNC_CIPHER_FINAL: + if (cipher->cfinal != NULL) + break; + cipher->cfinal = OSSL_get_OP_cipher_final(fns); + fnciphcnt++; + break; + case OSSL_FUNC_CIPHER_CIPHER: + if (cipher->ccipher != NULL) + break; + cipher->ccipher = OSSL_get_OP_cipher_cipher(fns); + break; + case OSSL_FUNC_CIPHER_FREECTX: + if (cipher->freectx != NULL) + break; + cipher->freectx = OSSL_get_OP_cipher_freectx(fns); + fnctxcnt++; + break; + case OSSL_FUNC_CIPHER_DUPCTX: + if (cipher->dupctx != NULL) + break; + cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns); + break; + case OSSL_FUNC_CIPHER_KEY_LENGTH: + if (cipher->key_length != NULL) + break; + cipher->key_length = OSSL_get_OP_cipher_key_length(fns); + break; + case OSSL_FUNC_CIPHER_IV_LENGTH: + if (cipher->iv_length != NULL) + break; + cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns); + break; + case OSSL_FUNC_CIPHER_BLOCK_SIZE: + if (cipher->blocksize != NULL) + break; + cipher->blocksize = OSSL_get_OP_cipher_block_size(fns); + break; + case OSSL_FUNC_CIPHER_GET_PARAMS: + if (cipher->get_params != NULL) + break; + cipher->get_params = OSSL_get_OP_cipher_get_params(fns); + break; + case OSSL_FUNC_CIPHER_CTX_GET_PARAMS: + if (cipher->ctx_get_params != NULL) + break; + cipher->ctx_get_params = OSSL_get_OP_cipher_ctx_get_params(fns); + break; + case OSSL_FUNC_CIPHER_CTX_SET_PARAMS: + if (cipher->ctx_set_params != NULL) + break; + cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns); + break; + } + } + if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) + || (fnciphcnt == 0 && cipher->ccipher == NULL) + || fnctxcnt != 2 + || cipher->blocksize == NULL + || cipher->iv_length == NULL + || cipher->key_length == NULL) { + /* + * In order to be a consistent set of functions we must have at least + * a complete set of "encrypt" functions, or a complete set of "decrypt" + * functions, or a single "cipher" function. In all cases we need a + * complete set of context management functions, as well as the + * blocksize, iv_length and key_length functions. + */ + EVP_CIPHER_meth_free(cipher); + EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + cipher->prov = prov; + if (prov != NULL) + ossl_provider_upref(prov); + + return cipher; +} + +static int evp_cipher_upref(void *cipher) +{ + return EVP_CIPHER_upref(cipher); +} + +static void evp_cipher_free(void *cipher) +{ + EVP_CIPHER_meth_free(cipher); +} + +static int evp_cipher_nid(void *vcipher) +{ + EVP_CIPHER *cipher = vcipher; + + return cipher->nid; +} + +EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) +{ + return evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, + evp_cipher_from_dispatch, evp_cipher_upref, + evp_cipher_free, evp_cipher_nid); +} diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index a9f8800..3555c0e 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -53,6 +53,11 @@ static const ERR_STRING_DATA EVP_str_functs[] = { "EVP_CIPHER_CTX_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0), "EVP_CIPHER_CTX_set_key_length"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_PADDING, 0), + "EVP_CIPHER_CTX_set_padding"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_FROM_DISPATCH, 0), + "evp_cipher_from_dispatch"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_MODE, 0), "EVP_CIPHER_mode"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0), "EVP_CIPHER_param_to_asn1"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0), @@ -246,6 +251,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PROVIDER_FUNCTIONS), + "invalid provider functions"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH), "invalid salt length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 914a19c..189c953 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -11,6 +11,8 @@ #include "internal/cryptlib.h" #include #include +#include +#include #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -18,13 +20,28 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; + const EVP_CIPHER *cipher = c->cipher; + + if (cipher->prov != NULL) { + /* + * The cipher has come from a provider and won't have the default flags. + * Find the implicit form so we can check the flags. + * TODO(3.0): This won't work for 3rd party ciphers we know nothing about + * We'll need to think of something else for those. + */ + cipher = EVP_get_cipherbynid(cipher->nid); + if (cipher == NULL) { + EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); + return -1; + } + } - if (c->cipher->set_asn1_parameters != NULL) - ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - switch (EVP_CIPHER_CTX_mode(c)) { + if (cipher->set_asn1_parameters != NULL) + ret = cipher->set_asn1_parameters(c, type); + else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_mode(cipher)) { case EVP_CIPH_WRAP_MODE: - if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap) + if (EVP_CIPHER_nid(cipher) == NID_id_smime_alg_CMS3DESwrap) ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ret = 1; break; @@ -53,11 +70,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret; + const EVP_CIPHER *cipher = c->cipher; + + if (cipher->prov != NULL) { + /* + * The cipher has come from a provider and won't have the default flags. + * Find the implicit form so we can check the flags. + */ + cipher = EVP_get_cipherbynid(cipher->nid); + if (cipher == NULL) + return -1; + } - if (c->cipher->get_asn1_parameters != NULL) - ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - switch (EVP_CIPHER_CTX_mode(c)) { + if (cipher->get_asn1_parameters != NULL) + ret = cipher->get_asn1_parameters(c, type); + else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_mode(cipher)) { case EVP_CIPH_WRAP_MODE: ret = 1; @@ -85,19 +113,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return ret; } -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) { int i = 0; unsigned int l; if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(c->iv)); - i = ASN1_TYPE_get_octetstring(type, c->oiv, l); + unsigned char iv[EVP_MAX_IV_LENGTH]; + + l = EVP_CIPHER_CTX_iv_length(ctx); + if (!ossl_assert(l <= sizeof(iv))) + return -1; + i = ASN1_TYPE_get_octetstring(type, iv, l); if (i != (int)l) return -1; - else if (i > 0) - memcpy(c->iv, c->oiv, l); + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) + return -1; } return i; } @@ -175,14 +207,20 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) } } -int EVP_CIPHER_block_size(const EVP_CIPHER *e) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { - return e->block_size; + if (cipher->prov != NULL) { + if (cipher->blocksize != NULL) + return cipher->blocksize(); + /* We default to a block size of 1 */ + return 1; + } + return cipher->block_size; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->block_size; + return EVP_CIPHER_block_size(ctx->cipher); } int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) @@ -193,6 +231,12 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { + if (ctx->cipher->prov != NULL) { + if (ctx->cipher->ccipher != NULL) + return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl); + return 0; + } + return ctx->cipher->do_cipher(ctx, out, in, inl); } @@ -238,12 +282,18 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { + if (cipher->prov != NULL) { + if (cipher->iv_length != NULL) + return (int)cipher->iv_length(); + return 0; + } + return cipher->iv_len; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->iv_len; + return EVP_CIPHER_iv_length(ctx->cipher); } const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) @@ -278,11 +328,23 @@ void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { + if (cipher->prov != NULL) { + if (cipher->key_length != NULL) + return (int)cipher->key_length(); + return -1; + } + return cipher->key_len; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { + /* + * TODO(3.0): This may need to change if/when we introduce variable length + * key ciphers into the providers. + */ + if (ctx->cipher != NULL && ctx->cipher->prov != NULL) + return EVP_CIPHER_key_length(ctx->cipher); return ctx->key_len; } @@ -296,6 +358,33 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) return ctx->cipher->nid; } +int EVP_CIPHER_mode(const EVP_CIPHER *cipher) +{ + if (cipher->prov != NULL) { + int mode; + + /* Cipher comes from a provider - so ask the provider for the mode */ + OSSL_PARAM params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), + OSSL_PARAM_END + }; + + params[0].data = &mode; + + if (cipher->get_params == NULL) { + EVPerr(EVP_F_EVP_CIPHER_MODE, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + if (!cipher->get_params(params)) + return 0; + + return mode; + } + return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; +} + + int EVP_MD_block_size(const EVP_MD *md) { if (md == NULL) { @@ -353,12 +442,16 @@ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) } return md; } + EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) { EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); - if (to != NULL) + if (to != NULL) { + CRYPTO_RWLOCK *lock = to->lock; memcpy(to, md, sizeof(*to)); + to->lock = lock; + } return to; } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index efa2db8..3172c49 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -44,6 +44,10 @@ struct evp_cipher_ctx_st { int final_used; int block_mask; unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ + + /* Provider ctx */ + void *provctx; + EVP_CIPHER *fetched_cipher; } /* EVP_CIPHER_CTX */ ; struct evp_mac_ctx_st { diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index c932898..b3d9694 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -210,10 +210,14 @@ struct evp_md_st { struct evp_cipher_st { int nid; + int block_size; /* Default value for variable length ciphers */ int key_len; int iv_len; + + /* Legacy structure members */ + /* TODO(3.0): Remove these */ /* Various flags */ unsigned long flags; /* init key */ @@ -234,6 +238,26 @@ struct evp_cipher_st { int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Application data */ void *app_data; + + /* New structure members */ + /* TODO(3.0): Remove above comment when legacy has gone */ + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + OSSL_OP_cipher_newctx_fn *newctx; + OSSL_OP_cipher_encrypt_init_fn *einit; + OSSL_OP_cipher_decrypt_init_fn *dinit; + OSSL_OP_cipher_update_fn *cupdate; + OSSL_OP_cipher_final_fn *cfinal; + OSSL_OP_cipher_cipher_fn *ccipher; + OSSL_OP_cipher_freectx_fn *freectx; + OSSL_OP_cipher_dupctx_fn *dupctx; + OSSL_OP_cipher_key_length_fn *key_length; + OSSL_OP_cipher_iv_length_fn *iv_length; + OSSL_OP_cipher_block_size_fn *blocksize; + OSSL_OP_cipher_get_params_fn *get_params; + OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params; + OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params; } /* EVP_CIPHER */ ; /* Macros to code block cipher wrappers */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index be4a647..35a23d7 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -34,6 +34,12 @@ extern "C" { */ #define OSSL_PROV_PARAM_BUILDINFO "buildinfo" + +/* Well known cipher parameters */ + +#define OSSL_CIPHER_PARAM_PADDING "padding" +#define OSSL_CIPHER_PARAM_MODE "mode" + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 2054381..d588886 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -78,7 +78,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_NEWCTX 1 # define OSSL_FUNC_DIGEST_INIT 2 -# define OSSL_FUNC_DIGEST_UPDDATE 3 +# define OSSL_FUNC_DIGEST_UPDATE 3 # define OSSL_FUNC_DIGEST_FINAL 4 # define OSSL_FUNC_DIGEST_DIGEST 5 # define OSSL_FUNC_DIGEST_FREECTX 6 @@ -86,6 +86,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_SIZE 8 # define OSSL_FUNC_DIGEST_BLOCK_SIZE 9 + OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void)) OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_update, @@ -95,12 +96,64 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_final, OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, (const unsigned char *in, size_t inl, unsigned char *out, size_t *out_l, size_t outsz)) + OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) + +/* Symmetric Ciphers */ + +# define OSSL_OP_CIPHER 2 + +# define OSSL_FUNC_CIPHER_NEWCTX 1 +# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2 +# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3 +# define OSSL_FUNC_CIPHER_UPDATE 4 +# define OSSL_FUNC_CIPHER_FINAL 5 +# define OSSL_FUNC_CIPHER_CIPHER 6 +# define OSSL_FUNC_CIPHER_FREECTX 7 +# define OSSL_FUNC_CIPHER_DUPCTX 8 +# define OSSL_FUNC_CIPHER_KEY_LENGTH 9 +# define OSSL_FUNC_CIPHER_IV_LENGTH 10 +# define OSSL_FUNC_CIPHER_BLOCK_SIZE 11 +# define OSSL_FUNC_CIPHER_GET_PARAMS 12 +# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 13 +# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 14 + +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx, + const unsigned char *key, + size_t keylen, + const unsigned char *iv, + size_t ivlen)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *vctx, + const unsigned char *key, + size_t keylen, + const unsigned char *iv, + size_t ivlen)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, + (void *, unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_final, + (void *, unsigned char *out, size_t *outl, size_t outsize)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, + (void *, unsigned char *out, const unsigned char *in, + size_t inl)) +OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) +OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_iv_length, (void)) +OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_block_size, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *vctx, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *vctx, + const OSSL_PARAM params[])) + + # ifdef __cplusplus } # endif diff --git a/include/openssl/err.h b/include/openssl/err.h index 136b000..8fcdfb4 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -98,6 +98,7 @@ typedef struct err_state_st { # define ERR_LIB_ESS 54 # define ERR_LIB_PROP 55 # define ERR_LIB_CRMF 56 +# define ERR_LIB_PROV 57 # define ERR_LIB_USER 128 @@ -140,6 +141,7 @@ typedef struct err_state_st { # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a903b29..6fc0f35 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -190,6 +190,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +int EVP_CIPHER_upref(EVP_CIPHER *cipher); int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); @@ -473,7 +474,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); -# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) +int EVP_CIPHER_mode(const EVP_CIPHER *cipher); +EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index e62cfb3..d88d4a8 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -55,6 +55,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_CIPHER_CTX_COPY 163 # define EVP_F_EVP_CIPHER_CTX_CTRL 124 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 237 +# define EVP_F_EVP_CIPHER_FROM_DISPATCH 238 +# define EVP_F_EVP_CIPHER_MODE 239 # define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 # define EVP_F_EVP_DECRYPTFINAL_EX 101 # define EVP_F_EVP_DECRYPTUPDATE 166 @@ -190,6 +193,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 +# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 # define EVP_R_INVALID_SALT_LENGTH 186 # define EVP_R_KEYGEN_FAILURE 120 # define EVP_R_KEY_SETUP_FAILED 180 diff --git a/providers/build.info b/providers/build.info index 1628e1f..ef107a7 100644 --- a/providers/build.info +++ b/providers/build.info @@ -7,7 +7,7 @@ IF[{- !$disabled{fips} -}] SOURCE[fips]=fips.ld GENERATE[fips.ld]=../util/providers.num ENDIF - INCLUDE[fips]=.. ../include ../crypto/include + INCLUDE[fips]=.. ../include ../crypto/include common/include DEFINE[fips]=FIPS_MODE ENDIF diff --git a/providers/common/build.info b/providers/common/build.info index 5cb7e43..1617467 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1 +1,4 @@ -SUBDIRS=digests +SUBDIRS=digests ciphers + +SOURCE[../../libcrypto]=\ + provider_err.c diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c new file mode 100644 index 0000000..5c6e670 --- /dev/null +++ b/providers/common/ciphers/aes.c @@ -0,0 +1,470 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/provider_algs.h" +#include "ciphers_locl.h" +#include "internal/providercommonerr.h" + +static OSSL_OP_cipher_encrypt_init_fn aes_einit; +static OSSL_OP_cipher_decrypt_init_fn aes_dinit; +static OSSL_OP_cipher_update_fn aes_block_update; +static OSSL_OP_cipher_final_fn aes_block_final; +static OSSL_OP_cipher_update_fn aes_stream_update; +static OSSL_OP_cipher_final_fn aes_stream_final; +static OSSL_OP_cipher_cipher_fn aes_cipher; +static OSSL_OP_cipher_freectx_fn aes_freectx; +static OSSL_OP_cipher_dupctx_fn aes_dupctx; +static OSSL_OP_cipher_key_length_fn key_length_256; +static OSSL_OP_cipher_key_length_fn key_length_192; +static OSSL_OP_cipher_key_length_fn key_length_128; +static OSSL_OP_cipher_iv_length_fn iv_length_16; +static OSSL_OP_cipher_iv_length_fn iv_length_0; +static OSSL_OP_cipher_block_size_fn block_size_16; +static OSSL_OP_cipher_block_size_fn block_size_1; +static OSSL_OP_cipher_ctx_get_params_fn aes_ctx_get_params; +static OSSL_OP_cipher_ctx_set_params_fn aes_ctx_set_params; + +static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx, + const unsigned char *iv, + size_t ivlen, + int enc) +{ + if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { + if (ivlen != AES_BLOCK_SIZE) { + PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR); + return 0; + } + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + } + ctx->enc = enc; + + return 1; +} + +static int aes_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) { + /* PROVerr already called */ + return 0; + } + if (key != NULL) { + if (keylen != ctx->keylen) { + PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN); + return 0; + } + return ctx->ciph->init(ctx, key, ctx->keylen); + } + + return 1; +} + +static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) { + /* PROVerr already called */ + return 0; + } + if (key != NULL) { + if (keylen != ctx->keylen) { + PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN); + return 0; + } + return ctx->ciph->init(ctx, key, ctx->keylen); + } + + return 1; +} + +static int aes_block_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, + &inl); + size_t outlint = 0; + + /* + * If we're decrypting and we end an update on a block boundary we hold + * the last block back in case this is the last update call and the last + * block is padded. + */ + if (ctx->bufsz == AES_BLOCK_SIZE + && (ctx->enc || inl > 0 || !ctx->pad)) { + if (outsize < AES_BLOCK_SIZE) { + PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { + PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + ctx->bufsz = 0; + outlint = AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (nextblocks > 0) { + if (!ctx->enc && ctx->pad && nextblocks == inl) { + if (!ossl_assert(inl >= AES_BLOCK_SIZE)) { + PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + nextblocks -= AES_BLOCK_SIZE; + } + outlint += nextblocks; + if (outsize < outlint) { + PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) { + PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + in += nextblocks; + inl -= nextblocks; + } + if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) { + /* PROVerr already called */ + return 0; + } + + *outl = outlint; + return inl == 0; +} + +static int aes_block_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (ctx->enc) { + if (ctx->pad) { + padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE); + } else if (ctx->bufsz == 0) { + *outl = 0; + return 1; + } else if (ctx->bufsz != AES_BLOCK_SIZE) { + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + return 0; + } + + if (outsize < AES_BLOCK_SIZE) { + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + ctx->bufsz = 0; + *outl = AES_BLOCK_SIZE; + return 1; + } + + /* Decrypting */ + if (ctx->bufsz != AES_BLOCK_SIZE) { + if (ctx->bufsz == 0 && !ctx->pad) { + *outl = 0; + return 1; + } + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + return 0; + } + + if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) { + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) { + /* PROVerr already called */ + return 0; + } + + if (outsize < ctx->bufsz) { + PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + memcpy(out, ctx->buf, ctx->bufsz); + *outl = ctx->bufsz; + ctx->bufsz = 0; + return 1; +} + +static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (outsize < inl) { + PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + + if (!ctx->ciph->cipher(ctx, out, in, inl)) { + PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + *outl = inl; + return 1; +} +static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + *outl = 0; + return 1; +} + +static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in, + size_t inl) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + if (!ctx->ciph->cipher(ctx, out, in, inl)) { + PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + return 1; +} + +#define IMPLEMENT_new_params(lcmode, UCMODE) \ + static OSSL_OP_cipher_get_params_fn aes_##lcmode##_get_params; \ + static int aes_##lcmode##_get_params(const OSSL_PARAM params[]) \ + { \ + const OSSL_PARAM *p; \ + \ + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \ + if (p != NULL && !OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \ + return 0; \ + \ + return 1; \ + } + +#define IMPLEMENT_new_ctx(lcmode, UCMODE, len) \ + static OSSL_OP_cipher_newctx_fn aes_##len##_##lcmode##_newctx; \ + static void *aes_##len##_##lcmode##_newctx(void) \ + { \ + PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + ctx->pad = 1; \ + ctx->keylen = (len / 8); \ + ctx->ciph = PROV_AES_CIPHER_##lcmode(ctx->keylen); \ + ctx->mode = EVP_CIPH_##UCMODE##_MODE; \ + return ctx; \ + } + +/* ECB */ +IMPLEMENT_new_params(ecb, ECB) +IMPLEMENT_new_ctx(ecb, ECB, 256) +IMPLEMENT_new_ctx(ecb, ECB, 192) +IMPLEMENT_new_ctx(ecb, ECB, 128) + +/* CBC */ +IMPLEMENT_new_params(cbc, CBC) +IMPLEMENT_new_ctx(cbc, CBC, 256) +IMPLEMENT_new_ctx(cbc, CBC, 192) +IMPLEMENT_new_ctx(cbc, CBC, 128) + +/* OFB */ +IMPLEMENT_new_params(ofb, OFB) +IMPLEMENT_new_ctx(ofb, OFB, 256) +IMPLEMENT_new_ctx(ofb, OFB, 192) +IMPLEMENT_new_ctx(ofb, OFB, 128) + +/* CFB */ +IMPLEMENT_new_params(cfb, CFB) +IMPLEMENT_new_params(cfb1, CFB) +IMPLEMENT_new_params(cfb8, CFB) +IMPLEMENT_new_ctx(cfb, CFB, 256) +IMPLEMENT_new_ctx(cfb, CFB, 192) +IMPLEMENT_new_ctx(cfb, CFB, 128) +IMPLEMENT_new_ctx(cfb1, CFB, 256) +IMPLEMENT_new_ctx(cfb1, CFB, 192) +IMPLEMENT_new_ctx(cfb1, CFB, 128) +IMPLEMENT_new_ctx(cfb8, CFB, 256) +IMPLEMENT_new_ctx(cfb8, CFB, 192) +IMPLEMENT_new_ctx(cfb8, CFB, 128) + +/* CTR */ +IMPLEMENT_new_params(ctr, CTR) +IMPLEMENT_new_ctx(ctr, CTR, 256) +IMPLEMENT_new_ctx(ctr, CTR, 192) +IMPLEMENT_new_ctx(ctr, CTR, 128) + +static void aes_freectx(void *vctx) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *aes_dupctx(void *ctx) +{ + PROV_AES_KEY *in = (PROV_AES_KEY *)ctx; + PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +static size_t key_length_256(void) +{ + return 256 / 8; +} + +static size_t key_length_192(void) +{ + return 192 / 8; +} + +static size_t key_length_128(void) +{ + return 128 / 8; +} + +static size_t iv_length_16(void) +{ + return 16; +} + +static size_t iv_length_0(void) +{ + return 0; +} + +static size_t block_size_16(void) +{ + return 16; +} + +static size_t block_size_1(void) +{ + return 1; +} + +static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); + if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { + PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + + return 1; +} + +static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); + if (p != NULL) { + int pad; + + if (!OSSL_PARAM_get_int(p, &pad)) { + PROVerr(PROV_F_AES_CTX_SET_PARAMS, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->pad = pad ? 1 : 0; + } + return 1; +} + +#define IMPLEMENT_block_funcs(mode, keylen, ivlen) \ + const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_block_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_block_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ + { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \ + { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \ + { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_16 }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \ + { 0, NULL } \ + }; + +#define IMPLEMENT_stream_funcs(mode, keylen, ivlen) \ + const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ + { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \ + { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \ + { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_1 }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \ + { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \ + { 0, NULL } \ + }; + +/* ECB */ +IMPLEMENT_block_funcs(ecb, 256, 0) +IMPLEMENT_block_funcs(ecb, 192, 0) +IMPLEMENT_block_funcs(ecb, 128, 0) + +/* CBC */ +IMPLEMENT_block_funcs(cbc, 256, 16) +IMPLEMENT_block_funcs(cbc, 192, 16) +IMPLEMENT_block_funcs(cbc, 128, 16) + +/* OFB */ +IMPLEMENT_stream_funcs(ofb, 256, 16) +IMPLEMENT_stream_funcs(ofb, 192, 16) +IMPLEMENT_stream_funcs(ofb, 128, 16) + +/* CFB */ +IMPLEMENT_stream_funcs(cfb, 256, 16) +IMPLEMENT_stream_funcs(cfb, 192, 16) +IMPLEMENT_stream_funcs(cfb, 128, 16) +IMPLEMENT_stream_funcs(cfb1, 256, 16) +IMPLEMENT_stream_funcs(cfb1, 192, 16) +IMPLEMENT_stream_funcs(cfb1, 128, 16) +IMPLEMENT_stream_funcs(cfb8, 256, 16) +IMPLEMENT_stream_funcs(cfb8, 192, 16) +IMPLEMENT_stream_funcs(cfb8, 128, 16) + +/* CTR */ +IMPLEMENT_stream_funcs(ctr, 256, 16) +IMPLEMENT_stream_funcs(ctr, 192, 16) +IMPLEMENT_stream_funcs(ctr, 128, 16) diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c new file mode 100644 index 0000000..0f64296 --- /dev/null +++ b/providers/common/ciphers/aes_basic.c @@ -0,0 +1,866 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "internal/evp_int.h" +#include +#include +#include "ciphers_locl.h" +#include "internal/providercommonerr.h" + +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) + +#ifdef VPAES_ASM +int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void vpaes_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void vpaes_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +#endif +#ifdef BSAES_ASM +void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[16], int enc); +void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + const unsigned char ivec[16]); +#endif +#ifdef AES_CTR_ASM +void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +#endif + + +#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) +# include "ppc_arch.h" +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) +# endif +# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +# define HWAES_encrypt aes_p8_encrypt +# define HWAES_decrypt aes_p8_decrypt +# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +# define HWAES_xts_encrypt aes_p8_xts_encrypt +# define HWAES_xts_decrypt aes_p8_xts_decrypt +#endif + +#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +extern unsigned int OPENSSL_ia32cap_P[]; + +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif +# ifdef BSAES_ASM +# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif +/* + * AES-NI section + */ +# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) + +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void aesni_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aesni_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void aesni_ecb_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, const AES_KEY *key, int enc); +void aesni_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); + +void aesni_ctr32_encrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, const unsigned char *ivec); + +static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + int ret; + + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { + ret = aesni_set_decrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f) aesni_decrypt; + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aesni_cbc_encrypt : NULL; + } else { + ret = aesni_set_encrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f) aesni_encrypt; + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + else + dat->stream.cbc = NULL; + } + + if (ret < 0) { + PROVerr(PROV_F_AESNI_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int aesni_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + aesni_cbc_encrypt(in, out, len, &ctx->ks.ks, ctx->iv, ctx->enc); + + return 1; +} + +static int aesni_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + if (len < AES_BLOCK_SIZE) + return 1; + + aesni_ecb_encrypt(in, out, len, &ctx->ks.ks, ctx->enc); + + return 1; +} + +# define aesni_ofb_cipher aes_ofb_cipher +static int aesni_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aesni_cfb_cipher aes_cfb_cipher +static int aesni_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aesni_cfb8_cipher aes_cfb8_cipher +static int aesni_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aesni_cfb1_cipher aes_cfb1_cipher +static int aesni_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aesni_ctr_cipher aes_ctr_cipher +static int aesni_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define BLOCK_CIPHER_generic_prov(mode) \ +static const PROV_AES_CIPHER aesni_##mode = { \ + aesni_init_key, \ + aesni_##mode##_cipher}; \ +static const PROV_AES_CIPHER aes_##mode = { \ + aes_init_key, \ + aes_##mode##_cipher}; \ +const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ +{ return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; } + + +#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +# include "sparc_arch.h" + +extern unsigned int OPENSSL_sparcv9cap_P[]; + +/* + * Fujitsu SPARC64 X support + */ +# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +# define HWAES_set_encrypt_key aes_fx_set_encrypt_key +# define HWAES_set_decrypt_key aes_fx_set_decrypt_key +# define HWAES_encrypt aes_fx_encrypt +# define HWAES_decrypt aes_fx_decrypt +# define HWAES_cbc_encrypt aes_fx_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks + +# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) + +void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aes_t4_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +/* + * Key-length specific subroutines were chosen for following reason. + * Each SPARC T4 core can execute up to 8 threads which share core's + * resources. Loading as much key material to registers allows to + * minimize references to shared memory interface, as well as amount + * of instructions in inner loops [much needed on T4]. But then having + * non-key-length specific routines would require conditional branches + * either in inner loops or on subroutines' entries. Former is hardly + * acceptable, while latter means code size increase to size occupied + * by multiple key-length specific subroutines, so why fight? + */ +void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); + +static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + int ret, bits; + + bits = keylen * 8; + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { + ret = 0; + aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); + dat->block = (block128_f) aes_t4_decrypt; + switch (bits) { + case 128: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes128_t4_cbc_decrypt : NULL; + break; + case 192: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes192_t4_cbc_decrypt : NULL; + break; + case 256: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes256_t4_cbc_decrypt : NULL; + break; + default: + ret = -1; + } + } else { + ret = 0; + aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); + dat->block = (block128_f)aes_t4_encrypt; + switch (bits) { + case 128: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + case 192: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + case 256: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + default: + ret = -1; + } + } + + if (ret < 0) { + PROVerr(PROV_F_AES_T4_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +# define aes_t4_cbc_cipher aes_cbc_cipher +static int aes_t4_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_ecb_cipher aes_ecb_cipher +static int aes_t4_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_ofb_cipher aes_ofb_cipher +static int aes_t4_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_cfb_cipher aes_cfb_cipher +static int aes_t4_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_cfb8_cipher aes_cfb8_cipher +static int aes_t4_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_cfb1_cipher aes_cfb1_cipher +static int aes_t4_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define aes_t4_ctr_cipher aes_ctr_cipher +static int aes_t4_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define BLOCK_CIPHER_generic_prov(mode) \ +static const PROV_AES_CIPHER aes_t4_##mode = { \ + aes_t4_init_key, \ + aes_t4_##mode##_cipher}; \ +static const PROV_AES_CIPHER aes_##mode = { \ + aes_init_key, \ + aes_##mode##_cipher}; \ +const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ +{ return SPARC_AES_CAPABLE?&aes_t4_##mode:&aes_##mode; } + + +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) + +/* Most modes of operation need km for partial block processing. */ +# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +# define s390x_aes_init_key aes_init_key +static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen); + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_AES_CBC_CTX PROV_AES_KEY + +# define s390x_aes_cbc_init_key aes_init_key + +# define s390x_aes_cbc_cipher aes_cbc_cipher +static int s390x_aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE + +static int s390x_aes_ecb_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + dat->plat.s390x.fc = S390X_AES_FC(keylen); + if (!dat->enc) + dat->plat.s390x.fc |= S390X_DECRYPT; + + memcpy(dat->plat.s390x.param.km.k, key, keylen); + return 1; +} + +static int s390x_aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + s390x_km(in, len, out, dat->plat.s390x.fc, + &dat->plat.s390x.param.km); + return 1; +} + +# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +static int s390x_aes_ofb_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); + memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); + dat->plat.s390x.fc = S390X_AES_FC(keylen); + dat->plat.s390x.res = 0; + return 1; +} + +static int s390x_aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int n = dat->plat.s390x.res; + int rem; + + while (n && len) { + *out = *in ^ dat->plat.s390x.param.kmo_kmf.cv[n]; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmo(in, len, out, dat->plat.s390x.fc, + &dat->plat.s390x.param.kmo_kmf); + + out += len; + in += len; + } + + if (rem) { + s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16, + dat->plat.s390x.param.kmo_kmf.cv, dat->plat.s390x.fc, + dat->plat.s390x.param.kmo_kmf.k); + + while (rem--) { + out[n] = in[n] ^ dat->plat.s390x.param.kmo_kmf.cv[n]; + ++n; + } + } + + dat->plat.s390x.res = n; + return 1; +} + +# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +static int s390x_aes_cfb_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + dat->plat.s390x.fc = S390X_AES_FC(keylen); + dat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ + if (!dat->enc) + dat->plat.s390x.fc |= S390X_DECRYPT; + + dat->plat.s390x.res = 0; + memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); + memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int n = dat->plat.s390x.res; + int rem; + unsigned char tmp; + + while (n && len) { + tmp = *in; + *out = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; + dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? *out : tmp; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmf(in, len, out, dat->plat.s390x.fc, + &dat->plat.s390x.param.kmo_kmf); + + out += len; + in += len; + } + + if (rem) { + s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16, + dat->plat.s390x.param.kmo_kmf.cv, + S390X_AES_FC(dat->keylen), dat->plat.s390x.param.kmo_kmf.k); + + while (rem--) { + tmp = in[n]; + out[n] = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; + dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? out[n] : tmp; + ++n; + } + } + + dat->plat.s390x.res = n; + return 1; +} + +# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +static int s390x_aes_cfb8_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + dat->plat.s390x.fc = S390X_AES_FC(keylen); + dat->plat.s390x.fc |= 1 << 24; /* 1 byte cipher feedback */ + if (!dat->enc) + dat->plat.s390x.fc |= S390X_DECRYPT; + + memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); + memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + s390x_kmf(in, len, out, dat->plat.s390x.fc, + &dat->plat.s390x.param.kmo_kmf); + return 1; +} + +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define s390x_aes_cfb1_init_key aes_init_key + +# define s390x_aes_cfb1_cipher aes_cfb1_cipher +static int s390x_aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_AES_CTR_CTX PROV_AES_KEY + +# define s390x_aes_ctr_init_key aes_init_key + +# define s390x_aes_ctr_cipher aes_ctr_cipher +static int s390x_aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len); + +# define BLOCK_CIPHER_generic_prov(mode) \ +static const PROV_AES_CIPHER s390x_aes_##mode = { \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher \ +}; \ +static const PROV_AES_CIPHER aes_##mode = { \ + aes_init_key, \ + aes_##mode##_cipher \ +}; \ +const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ +{ \ + if ((keylen == 128 && S390X_aes_128_##mode##_CAPABLE) \ + || (keylen == 192 && S390X_aes_192_##mode##_CAPABLE) \ + || (keylen == 256 && S390X_aes_256_##mode##_CAPABLE)) \ + return &s390x_aes_##mode; \ + \ + return &aes_##mode; \ +} + +#else + +# define BLOCK_CIPHER_generic_prov(mode) \ +static const PROV_AES_CIPHER aes_##mode = { \ + aes_init_key, \ + aes_##mode##_cipher}; \ +const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ +{ return &aes_##mode; } + +#endif + +#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# include "arm_arch.h" +# if __ARM_MAX_ARCH__>=7 +# if defined(BSAES_ASM) +# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# if defined(VPAES_ASM) +# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +# endif +#endif + +#if defined(HWAES_CAPABLE) +int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void HWAES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + const unsigned char ivec[16]); +#endif + +static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, + size_t keylen) +{ + int ret; + + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + ret = HWAES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)HWAES_decrypt; + dat->stream.cbc = NULL; +# ifdef HWAES_cbc_encrypt + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; +# endif + } else +#endif +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { + ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_decrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)vpaes_decrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ?(cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)AES_cbc_encrypt : NULL; + } + } else +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + ret = HWAES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)HWAES_encrypt; + dat->stream.cbc = NULL; +# ifdef HWAES_cbc_encrypt + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; + else +# endif +# ifdef HWAES_ctr32_encrypt_blocks + if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; + else +# endif + (void)0; /* terminate potentially open 'else' */ + } else +#endif +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { + ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_encrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)vpaes_encrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)AES_cbc_encrypt : NULL; +#ifdef AES_CTR_ASM + if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; +#endif + } + + if (ret < 0) { + PROVerr(PROV_F_AES_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + if (dat->stream.cbc) + (*dat->stream.cbc) (in, out, len, &dat->ks, dat->iv, dat->enc); + else if (dat->enc) + CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, dat->iv, dat->block); + else + CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, dat->iv, dat->block); + + return 1; +} + +static int aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + size_t i; + + if (len < AES_BLOCK_SIZE) + return 1; + + for (i = 0, len -= AES_BLOCK_SIZE; i <= len; i += AES_BLOCK_SIZE) + (*dat->block) (in + i, out + i, &dat->ks); + + return 1; +} + +static int aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->block); + dat->num = num; + + return 1; +} + +static int aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc, + dat->block); + dat->num = num; + + return 1; +} + +static int aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc, + dat->block); + dat->num = num; + + return 1; +} + +static int aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + + if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) { + CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, dat->iv, &num, + dat->enc, dat->block); + dat->num = num; + return 1; + } + + while (len >= MAXBITCHUNK) { + CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, + dat->iv, &num, dat->enc, dat->block); + len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; + } + if (len) + CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, dat->iv, &num, + dat->enc, dat->block); + + dat->num = num; + + return 1; +} + +static int aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = dat->num; + + if (dat->stream.ctr) + CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, dat->iv, dat->buf, + &num, dat->stream.ctr); + else + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, dat->iv, dat->buf, + &num, dat->block); + dat->num = num; + + return 1; +} + +BLOCK_CIPHER_generic_prov(cbc) +BLOCK_CIPHER_generic_prov(ecb) +BLOCK_CIPHER_generic_prov(ofb) +BLOCK_CIPHER_generic_prov(cfb) +BLOCK_CIPHER_generic_prov(cfb1) +BLOCK_CIPHER_generic_prov(cfb8) +BLOCK_CIPHER_generic_prov(ctr) + diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c new file mode 100644 index 0000000..03aa429 --- /dev/null +++ b/providers/common/ciphers/block.c @@ -0,0 +1,118 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "ciphers_locl.h" +#include +#include "internal/providercommonerr.h" + +/* + * Fills a single block of buffered data from the input, and returns the amount + * of data remaining in the input that is a multiple of the blocksize. The buffer + * is only filled if it already has some data in it, isn't full already or we + * don't have at least one block in the input. + * + * buf: a buffer of blocksize bytes + * buflen: contains the amount of data already in buf on entry. Updated with the + * amount of data in buf at the end. On entry *buflen must always be + * less than the blocksize + * blocksize: size of a block. Must be greater than 0 and a power of 2 + * in: pointer to a pointer containing the input data + * inlen: amount of input data available + * + * On return buf is filled with as much data as possible up to a full block, + * *buflen is updated containing the amount of data in buf. *in is updated to + * the new location where input data should be read from, *inlen is updated with + * the remaining amount of data in *in. Returns the largest value <= *inlen + * which is a multiple of the blocksize. + */ +size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen) +{ + size_t blockmask = ~(blocksize - 1); + + assert(*buflen <= blocksize); + assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0); + + if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) { + size_t bufremain = blocksize - *buflen; + + if (*inlen < bufremain) + bufremain = *inlen; + memcpy(buf + *buflen, *in, bufremain); + *in += bufremain; + *inlen -= bufremain; + *buflen += bufremain; + } + + return *inlen & blockmask; +} + +/* + * Fills the buffer with trailing data from an encryption/decryption that didn't + * fit into a full block. + */ +int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen) +{ + if (*inlen == 0) + return 1; + + if (*buflen + *inlen > blocksize) { + PROVerr(PROV_F_TRAILINGDATA, ERR_R_INTERNAL_ERROR); + return 0; + } + + memcpy(buf + *buflen, *in, *inlen); + *buflen += *inlen; + *inlen = 0; + + return 1; +} + +/* Pad the final block for encryption */ +void padblock(unsigned char *buf, size_t *buflen, size_t blocksize) +{ + size_t i; + unsigned char pad = (unsigned char)(blocksize - *buflen); + + for (i = *buflen; i < blocksize; i++) + buf[i] = pad; +} + +int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize) +{ + size_t pad, i; + size_t len = *buflen; + + if(len != blocksize) { + PROVerr(PROV_F_UNPADBLOCK, ERR_R_INTERNAL_ERROR); + return 0; + } + + /* + * The following assumes that the ciphertext has been authenticated. + * Otherwise it provides a padding oracle. + */ + pad = buf[blocksize - 1]; + if (pad == 0 || pad > blocksize) { + PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT); + return 0; + } + for (i = 0; i < pad; i++) { + if (buf[--len] != pad) { + PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT); + return 0; + } + } + *buflen = len; + return 1; +} diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info new file mode 100644 index 0000000..f4ff2ce --- /dev/null +++ b/providers/common/ciphers/build.info @@ -0,0 +1,4 @@ +LIBS=../../../libcrypto +SOURCE[../../../libcrypto]=\ + block.c aes.c aes_basic.c +INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/common/ciphers/ciphers_locl.h b/providers/common/ciphers/ciphers_locl.h new file mode 100644 index 0000000..a874bbf --- /dev/null +++ b/providers/common/ciphers/ciphers_locl.h @@ -0,0 +1,107 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +typedef struct prov_aes_cipher_st PROV_AES_CIPHER; + +typedef struct prov_aes_key_st { + union { + double align; + AES_KEY ks; + } ks; + block128_f block; + union { + cbc128_f cbc; + ctr128_f ctr; + } stream; + + /* Platform specific data */ + union { + int dummy; +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) + struct { + union { + double align; + /*- + * KM-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-06) + */ + struct { + unsigned char k[32]; + } km; + /* KM-AES parameter block - end */ + /*- + * KMO-AES/KMF-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-08) + */ + struct { + unsigned char cv[16]; + unsigned char k[32]; + } kmo_kmf; + /* KMO-AES/KMF-AES parameter block - end */ + } param; + unsigned int fc; + int res; + } s390x; +#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ + } plat; + + /* The cipher functions we are going to use */ + const PROV_AES_CIPHER *ciph; + + /* The mode that we are using */ + int mode; + + /* Set to 1 if we are encrypting or 0 otherwise */ + int enc; + + unsigned char iv[AES_BLOCK_SIZE]; + + /* + * num contains the number of bytes of |iv| which are valid for modes that + * manage partial blocks themselves. + */ + size_t num; + + /* Buffer of partial blocks processed via update calls */ + unsigned char buf[AES_BLOCK_SIZE]; + + /* Number of bytes in buf */ + size_t bufsz; + + uint64_t flags; + + size_t keylen; + + /* Whether padding should be used or not */ + unsigned int pad : 1; +} PROV_AES_KEY; + +struct prov_aes_cipher_st { + int (*init)(PROV_AES_KEY *dat, const uint8_t *key, size_t keylen); + int (*cipher)(PROV_AES_KEY *dat, uint8_t *out, const uint8_t *in, + size_t inl); +}; + +const PROV_AES_CIPHER *PROV_AES_CIPHER_ecb(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_cbc(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_ofb(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb1(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb8(size_t keylen); +const PROV_AES_CIPHER *PROV_AES_CIPHER_ctr(size_t keylen); + +size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen); +int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen); +void padblock(unsigned char *buf, size_t *buflen, size_t blocksize); +int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c index 3698046..c9f616d 100644 --- a/providers/common/digests/sha2.c +++ b/providers/common/digests/sha2.c @@ -10,6 +10,7 @@ #include #include #include +#include "internal/provider_algs.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -73,11 +74,10 @@ static size_t sha256_block_size(void) return SHA256_CBLOCK; } -extern const OSSL_DISPATCH sha256_functions[]; const OSSL_DISPATCH sha256_functions[] = { { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))sha256_newctx }, { OSSL_FUNC_DIGEST_INIT, (void (*)(void))SHA256_Init }, - { OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))SHA256_Update }, + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))SHA256_Update }, { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))sha256_final }, { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))sha256_freectx }, { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))sha256_dupctx }, diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h new file mode 100644 index 0000000..dd9211b --- /dev/null +++ b/providers/common/include/internal/provider_algs.h @@ -0,0 +1,34 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Digests */ +extern const OSSL_DISPATCH sha256_functions[]; + +/* Ciphers */ +extern const OSSL_DISPATCH aes256ecb_functions[]; +extern const OSSL_DISPATCH aes192ecb_functions[]; +extern const OSSL_DISPATCH aes128ecb_functions[]; +extern const OSSL_DISPATCH aes256cbc_functions[]; +extern const OSSL_DISPATCH aes192cbc_functions[]; +extern const OSSL_DISPATCH aes128cbc_functions[]; +extern const OSSL_DISPATCH aes256ofb_functions[]; +extern const OSSL_DISPATCH aes192ofb_functions[]; +extern const OSSL_DISPATCH aes128ofb_functions[]; +extern const OSSL_DISPATCH aes256cfb_functions[]; +extern const OSSL_DISPATCH aes192cfb_functions[]; +extern const OSSL_DISPATCH aes128cfb_functions[]; +extern const OSSL_DISPATCH aes256cfb1_functions[]; +extern const OSSL_DISPATCH aes192cfb1_functions[]; +extern const OSSL_DISPATCH aes128cfb1_functions[]; +extern const OSSL_DISPATCH aes256cfb8_functions[]; +extern const OSSL_DISPATCH aes192cfb8_functions[]; +extern const OSSL_DISPATCH aes128cfb8_functions[]; +extern const OSSL_DISPATCH aes256ctr_functions[]; +extern const OSSL_DISPATCH aes192ctr_functions[]; +extern const OSSL_DISPATCH aes128ctr_functions[]; diff --git a/fuzz/corpora/ct/e53301b7bba90f14da5195be2e47ec3f88924694 b/providers/common/include/internal/providercommon.h similarity index 100% copy from fuzz/corpora/ct/e53301b7bba90f14da5195be2e47ec3f88924694 copy to providers/common/include/internal/providercommon.h diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h new file mode 100644 index 0000000..609fd5b --- /dev/null +++ b/providers/common/include/internal/providercommonerr.h @@ -0,0 +1,54 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PROVERR_H +# define HEADER_PROVERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PROV_strings(void); + +/* + * PROV function codes. + */ +# define PROV_F_AESNI_INIT_KEY 101 +# define PROV_F_AES_BLOCK_FINAL 102 +# define PROV_F_AES_BLOCK_UPDATE 103 +# define PROV_F_AES_CIPHER 104 +# define PROV_F_AES_CTX_GET_PARAMS 105 +# define PROV_F_AES_CTX_SET_PARAMS 106 +# define PROV_F_AES_DINIT 107 +# define PROV_F_AES_DUPCTX 108 +# define PROV_F_AES_EINIT 109 +# define PROV_F_AES_INIT_KEY 110 +# define PROV_F_AES_STREAM_UPDATE 111 +# define PROV_F_AES_T4_INIT_KEY 112 +# define PROV_F_PROV_AES_KEY_GENERIC_INIT 113 +# define PROV_F_TRAILINGDATA 114 +# define PROV_F_UNPADBLOCK 100 + +/* + * PROV reason codes. + */ +# define PROV_R_AES_KEY_SETUP_FAILED 101 +# define PROV_R_BAD_DECRYPT 100 +# define PROV_R_CIPHER_OPERATION_FAILED 102 +# define PROV_R_FAILED_TO_GET_PARAMETER 103 +# define PROV_R_FAILED_TO_SET_PARAMETER 104 +# define PROV_R_INVALID_KEYLEN 105 +# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 +# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 + +#endif diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c new file mode 100644 index 0000000..e6b577f --- /dev/null +++ b/providers/common/provider_err.c @@ -0,0 +1,67 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/providercommonerr.h" + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA PROV_str_functs[] = { + {ERR_PACK(ERR_LIB_PROV, PROV_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_FINAL, 0), "aes_block_final"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_UPDATE, 0), "aes_block_update"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CIPHER, 0), "aes_cipher"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_GET_PARAMS, 0), + "aes_ctx_get_params"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_SET_PARAMS, 0), + "aes_ctx_set_params"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DINIT, 0), "aes_dinit"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DUPCTX, 0), "aes_dupctx"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_EINIT, 0), "aes_einit"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_INIT_KEY, 0), "aes_init_key"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_STREAM_UPDATE, 0), "aes_stream_update"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_PROV_AES_KEY_GENERIC_INIT, 0), + "PROV_AES_KEY_generic_init"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_TRAILINGDATA, 0), "trailingdata"}, + {ERR_PACK(ERR_LIB_PROV, PROV_F_UNPADBLOCK, 0), "unpadblock"}, + {0, NULL} +}; + +static const ERR_STRING_DATA PROV_str_reasons[] = { + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED), + "aes key setup failed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), + "cipher operation failed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER), + "failed to get parameter"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), + "failed to set parameter"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL), + "output buffer too small"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), + "wrong final block length"}, + {0, NULL} +}; + +#endif + +int ERR_load_PROV_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(PROV_str_functs[0].error) == NULL) { + ERR_load_strings_const(PROV_str_functs); + ERR_load_strings_const(PROV_str_reasons); + } +#endif + return 1; +} diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 9b52429..cba2dcc 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -13,6 +13,7 @@ #include #include #include +#include "internal/provider_algs.h" /* Functions provided by the core */ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; @@ -49,13 +50,36 @@ static int deflt_get_params(const OSSL_PROVIDER *prov, return 1; } -extern const OSSL_DISPATCH sha256_functions[]; - static const OSSL_ALGORITHM deflt_digests[] = { { "SHA256", "default=yes", sha256_functions }, { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM deflt_ciphers[] = { + { "AES-256-ECB", "default=yes", aes256ecb_functions }, + { "AES-192-ECB", "default=yes", aes192ecb_functions }, + { "AES-128-ECB", "default=yes", aes128ecb_functions }, + { "AES-256-CBC", "default=yes", aes256cbc_functions }, + { "AES-192-CBC", "default=yes", aes192cbc_functions }, + { "AES-128-CBC", "default=yes", aes128cbc_functions }, + { "AES-256-OFB", "default=yes", aes256ofb_functions }, + { "AES-192-OFB", "default=yes", aes192ofb_functions }, + { "AES-128-OFB", "default=yes", aes128ofb_functions }, + { "AES-256-CFB", "default=yes", aes256cfb_functions }, + { "AES-192-CFB", "default=yes", aes192cfb_functions }, + { "AES-128-CFB", "default=yes", aes128cfb_functions }, + { "AES-256-CFB1", "default=yes", aes256cfb1_functions }, + { "AES-192-CFB1", "default=yes", aes192cfb1_functions }, + { "AES-128-CFB1", "default=yes", aes128cfb1_functions }, + { "AES-256-CFB8", "default=yes", aes256cfb8_functions }, + { "AES-192-CFB8", "default=yes", aes192cfb8_functions }, + { "AES-128-CFB8", "default=yes", aes128cfb8_functions }, + { "AES-256-CTR", "default=yes", aes256ctr_functions }, + { "AES-192-CTR", "default=yes", aes192ctr_functions }, + { "AES-128-CTR", "default=yes", aes128ctr_functions }, + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, int operation_id, int *no_cache) @@ -64,6 +88,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, switch (operation_id) { case OSSL_OP_DIGEST: return deflt_digests; + case OSSL_OP_CIPHER: + return deflt_ciphers; } return NULL; } diff --git a/providers/legacy/digests/md2.c b/providers/legacy/digests/md2.c index c941dd7..017a511 100644 --- a/providers/legacy/digests/md2.c +++ b/providers/legacy/digests/md2.c @@ -54,7 +54,7 @@ extern const OSSL_DISPATCH md2_functions[]; const OSSL_DISPATCH md2_functions[] = { { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx }, { OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init }, - { OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))MD2_Update }, + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))MD2_Update }, { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final }, { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx }, { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx }, diff --git a/util/ck_errf.pl b/util/ck_errf.pl index cc7224a..681535e 100755 --- a/util/ck_errf.pl +++ b/util/ck_errf.pl @@ -72,7 +72,8 @@ if ( $internal ) { die "Extra parameters given.\n" if @ARGV; $config = "crypto/err/openssl.ec" unless defined $config; @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), - glob('ssl/*.c'), glob('ssl/*/*.c') ); + glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'), + glob('providers/*/*.c'), glob('providers/*/*/*.c') ); } else { die "Configuration file not given.\nSee '$0 -help' for information\n" unless defined $config; diff --git a/util/libcrypto.num b/util/libcrypto.num index c14523e..b9be349 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4796,3 +4796,6 @@ EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION: EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION: OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION: EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC +EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: diff --git a/util/mkerr.pl b/util/mkerr.pl index 7139ee3..f1d9b39 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -114,7 +114,8 @@ if ( $internal ) { die "Cannot mix -internal and -static\n" if $static; die "Extra parameters given.\n" if @ARGV; @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), - glob('ssl/*.c'), glob('ssl/*/*.c') ); + glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'), + glob('providers/*/*.c'), glob('providers/*/*/*.c') ); } else { die "-module isn't useful without -internal\n" if scalar keys %modules > 0; @source = @ARGV; From matt at openssl.org Fri Apr 19 08:46:05 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Apr 2019 08:46:05 +0000 Subject: [openssl] master update Message-ID: <1555663565.322637.31330.nullmailer@dev.openssl.org> The branch master has been updated via a595b10d343845eca32cffb35f1d0a2f15ce40a9 (commit) via 6f3aae256d62cfcc48c07cc0ead5080b070f371b (commit) from 6caf7f3aec5484ee65067e9671299d3411565dc1 (commit) - Log ----------------------------------------------------------------- commit a595b10d343845eca32cffb35f1d0a2f15ce40a9 Author: Matt Caswell Date: Thu Apr 18 10:55:11 2019 +0100 Add some more test vectors for ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b Author: Matt Caswell Date: Thu Apr 18 10:54:58 2019 +0100 Clarify the documentation on the use of ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_chacha20.pod | 10 +++++++++- test/recipes/30-test_evp_data/evpciph.txt | 29 ++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod index 7b014c2..5218ee2 100644 --- a/doc/man3/EVP_chacha20.pod +++ b/doc/man3/EVP_chacha20.pod @@ -21,7 +21,15 @@ The ChaCha20 stream cipher for EVP. =item EVP_chacha20() -The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long. +The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: + +000000000000000000000002 + +With an initial counter of 42 (2a in hex) would be expressed as: + +2a000000000000000000000000000002 =item EVP_chacha20_poly1305() diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index 7c87a6f..553bee5 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -2388,14 +2388,41 @@ Operation = ENCRYPT Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 -Title = Chacha20 +Title = Chacha20 test vectors from RFC7539 +# A.1 Test Vector 1 Cipher = chacha20 Key = 0000000000000000000000000000000000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Ciphertext = 76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586 +# A.1 Test Vector 2 +Cipher = chacha20 +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 01000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 9f07e7be5551387a98ba977c732d080dcb0f29a048e3656912c6533e32ee7aed29b721769ce64e43d57133b074d839d531ed1f28510afb45ace10a1f4b794d6f + +# A.2 Test Vector 1 is the same as A.1 Test Vector 1 +# A.2 Test Vector 2 +Cipher = chacha20 +Key = 0000000000000000000000000000000000000000000000000000000000000001 +#Counter (first 4 bytes) expressed in little-endian order +IV = 01000000000000000000000000000002 +Plaintext = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f +Ciphertext = a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221 + +# A.2 Test Vector 3 +Cipher = chacha20 +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +#Counter (first 4 bytes) expressed in little-endian order +IV = 2a000000000000000000000000000002 +Plaintext = 2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e +Ciphertext = 62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1 + +Title = Chacha20 + Cipher = chacha20 Key = 0000000000000000000000000000000000000000000000000000000000000001 IV = 00000000000000000000000000000000 From matt at openssl.org Fri Apr 19 08:46:16 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Apr 2019 08:46:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555663576.005859.671.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via af0bab32273847c14ea7635f714466a5d497905c (commit) via d0a2b73b9c823d155ac3880bf193a2fb08a4b4bb (commit) from 18111b130abc0f53b41abbbf82b27d7232ec99f2 (commit) - Log ----------------------------------------------------------------- commit af0bab32273847c14ea7635f714466a5d497905c Author: Matt Caswell Date: Thu Apr 18 10:55:11 2019 +0100 Add some more test vectors for ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit a595b10d343845eca32cffb35f1d0a2f15ce40a9) commit d0a2b73b9c823d155ac3880bf193a2fb08a4b4bb Author: Matt Caswell Date: Thu Apr 18 10:54:58 2019 +0100 Clarify the documentation on the use of ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_chacha20.pod | 10 +++++++++- test/recipes/30-test_evp_data/evpciph.txt | 29 ++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod index 96da825..4636a1e 100644 --- a/doc/man3/EVP_chacha20.pod +++ b/doc/man3/EVP_chacha20.pod @@ -21,7 +21,15 @@ The ChaCha20 stream cipher for EVP. =item EVP_chacha20() -The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long. +The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: + +000000000000000000000002 + +With an initial counter of 42 (2a in hex) would be expressed as: + +2a000000000000000000000000000002 =item EVP_chacha20_poly1305() diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index 9361b56..f474e74 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -2387,14 +2387,41 @@ Operation = ENCRYPT Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 -Title = Chacha20 +Title = Chacha20 test vectors from RFC7539 +# A.1 Test Vector 1 Cipher = chacha20 Key = 0000000000000000000000000000000000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Ciphertext = 76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586 +# A.1 Test Vector 2 +Cipher = chacha20 +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 01000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 9f07e7be5551387a98ba977c732d080dcb0f29a048e3656912c6533e32ee7aed29b721769ce64e43d57133b074d839d531ed1f28510afb45ace10a1f4b794d6f + +# A.2 Test Vector 1 is the same as A.1 Test Vector 1 +# A.2 Test Vector 2 +Cipher = chacha20 +Key = 0000000000000000000000000000000000000000000000000000000000000001 +#Counter (first 4 bytes) expressed in little-endian order +IV = 01000000000000000000000000000002 +Plaintext = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f +Ciphertext = a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221 + +# A.2 Test Vector 3 +Cipher = chacha20 +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +#Counter (first 4 bytes) expressed in little-endian order +IV = 2a000000000000000000000000000002 +Plaintext = 2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e +Ciphertext = 62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1 + +Title = Chacha20 + Cipher = chacha20 Key = 0000000000000000000000000000000000000000000000000000000000000001 IV = 00000000000000000000000000000000 From matt at openssl.org Fri Apr 19 08:55:36 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Apr 2019 08:55:36 +0000 Subject: [openssl] master update Message-ID: <1555664136.705145.12784.nullmailer@dev.openssl.org> The branch master has been updated via 6fda11ae5a06e28fd9463e5afb60735d074904b3 (commit) from a595b10d343845eca32cffb35f1d0a2f15ce40a9 (commit) - Log ----------------------------------------------------------------- commit 6fda11ae5a06e28fd9463e5afb60735d074904b3 Author: dyrock Date: Mon Apr 15 11:01:58 2019 -0500 Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8756) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_client_hello_cb.pod | 2 ++ ssl/ssl_lib.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index b8dad37..74e168d 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -65,6 +65,8 @@ both required, and on success the caller must release the storage allocated for B<*out> using OPENSSL_free(). The contents of B<*out> is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. B<*outlen> contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with B<*out> set to NULL and B<*outlen> set to 0. =head1 NOTES diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f63e16b..221653e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5140,6 +5140,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE); From matt at openssl.org Fri Apr 19 08:55:54 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Apr 2019 08:55:54 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1555664154.369457.27304.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1711a62686e3d55767ba067a4fd1a18ceec69d3f (commit) from af0bab32273847c14ea7635f714466a5d497905c (commit) - Log ----------------------------------------------------------------- commit 1711a62686e3d55767ba067a4fd1a18ceec69d3f Author: dyrock Date: Mon Apr 15 11:01:58 2019 -0500 Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8756) (cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_client_hello_cb.pod | 2 ++ ssl/ssl_lib.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index 6824b5b..585127d 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -65,6 +65,8 @@ both required, and on success the caller must release the storage allocated for B<*out> using OPENSSL_free(). The contents of B<*out> is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. B<*outlen> contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with B<*out> set to NULL and B<*outlen> set to 0. =head1 NOTES diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4440a9f..d7e1f32 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5070,6 +5070,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE); From builds at travis-ci.org Fri Apr 19 08:45:20 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 08:45:20 +0000 Subject: Still Failing: openssl/openssl#24834 (master - 1393722) In-Reply-To: Message-ID: <5cb98a9fc4406_43fe79f417af064745@b2237278-507b-4644-8067-a7abdf0a66ba.mail> Build Update for openssl/openssl ------------------------------------- Build: #24834 Status: Still Failing Duration: 18 mins and 26 secs Commit: 1393722 (master) Author: Richard Levitte Message: ossl_method_store_cache_get(): ensure non-NULL property query The comparator further down the call stack doesn't tolerate NULL, so if we got that as input, use the empty string. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8781) View the changeset: https://github.com/openssl/openssl/compare/4f29f3a29b8b...1393722af384 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522070457?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 19 09:19:54 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 09:19:54 +0000 Subject: Still Failing: openssl/openssl#24836 (master - a595b10) In-Reply-To: Message-ID: <5cb992ba4ad02_43fe79f41791069168@b2237278-507b-4644-8067-a7abdf0a66ba.mail> Build Update for openssl/openssl ------------------------------------- Build: #24836 Status: Still Failing Duration: 30 mins and 54 secs Commit: a595b10 (master) Author: Matt Caswell Message: Add some more test vectors for ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) View the changeset: https://github.com/openssl/openssl/compare/6caf7f3aec54...a595b10d3438 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522074976?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 19 09:05:00 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 09:05:00 +0000 Subject: Still Failing: openssl/openssl#24835 (master - 6caf7f3) In-Reply-To: Message-ID: <5cb98f3bde7fe_43fd03a7c7b7c996b1@73d1b078-1284-4fdc-8a7e-1541f204e639.mail> Build Update for openssl/openssl ------------------------------------- Build: #24835 Status: Still Failing Duration: 27 mins and 58 secs Commit: 6caf7f3 (master) Author: Matt Caswell Message: Create provider errors and use them Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8700) View the changeset: https://github.com/openssl/openssl/compare/1393722af384...6caf7f3aec54 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522072679?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 19 09:28:36 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 09:28:36 +0000 Subject: Still Failing: openssl/openssl#24837 (OpenSSL_1_1_1-stable - af0bab3) In-Reply-To: Message-ID: <5cb994c4517b8_43fd03a7ade341030a4@73d1b078-1284-4fdc-8a7e-1541f204e639.mail> Build Update for openssl/openssl ------------------------------------- Build: #24837 Status: Still Failing Duration: 25 mins and 7 secs Commit: af0bab3 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Add some more test vectors for ChaCha20 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit a595b10d343845eca32cffb35f1d0a2f15ce40a9) View the changeset: https://github.com/openssl/openssl/compare/18111b130abc...af0bab322738 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522075027?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 19 09:39:04 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 09:39:04 +0000 Subject: Still Failing: openssl/openssl#24838 (master - 6fda11a) In-Reply-To: Message-ID: <5cb9973816999_43fd40153e7a012046f@c31f4024-54ee-419f-b12c-e9c74920da8b.mail> Build Update for openssl/openssl ------------------------------------- Build: #24838 Status: Still Failing Duration: 24 mins and 37 secs Commit: 6fda11a (master) Author: dyrock Message: Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8756) View the changeset: https://github.com/openssl/openssl/compare/a595b10d3438...6fda11ae5a06 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522077931?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Apr 19 09:50:41 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 19 Apr 2019 09:50:41 +0000 Subject: Still Failing: openssl/openssl#24839 (OpenSSL_1_1_1-stable - 1711a62) In-Reply-To: Message-ID: <5cb999f148518_43ff86d7b00fc3403e4@ab008ecf-9f54-46a9-a3db-b69c754280f5.mail> Build Update for openssl/openssl ------------------------------------- Build: #24839 Status: Still Failing Duration: 24 mins and 2 secs Commit: 1711a62 (OpenSSL_1_1_1-stable) Author: dyrock Message: Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8756) (cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3) View the changeset: https://github.com/openssl/openssl/compare/af0bab322738...1711a62686e3 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522077991?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 19 13:54:12 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 19 Apr 2019 13:54:12 +0000 Subject: Build failed: openssl master.24246 Message-ID: <20190419135412.1.43CAECAE5A06AE48@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 19 14:52:01 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 19 Apr 2019 14:52:01 +0000 Subject: Build completed: openssl master.24247 Message-ID: <20190419145201.1.52ED1A214CF52CD7@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Sat Apr 20 23:23:22 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 20 Apr 2019 23:23:22 +0000 Subject: [openssl] master update Message-ID: <1555802602.555219.19121.nullmailer@dev.openssl.org> The branch master has been updated via b8621bdde70690361a36dca52688a3d946c3fe0f (commit) from 6fda11ae5a06e28fd9463e5afb60735d074904b3 (commit) - Log ----------------------------------------------------------------- commit b8621bdde70690361a36dca52688a3d946c3fe0f Author: Pauli Date: Fri Apr 19 16:23:23 2019 +1000 Fix bug in entropy gathering. This only impacts FIPS mode or someone who has enabled the FIPS 140.2 4.9.2 Conditional Tests. i.e. nobody currently. Fix a significant issue in the entropy gathering for the continuous RNG testing. The impact is using an uninitialised buffer instead of the gathered entropy. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/8789) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_crng_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c index 74a64ee..87f4ee1 100644 --- a/crypto/rand/rand_crng_test.c +++ b/crypto/rand/rand_crng_test.c @@ -30,7 +30,7 @@ int rand_crngt_get_entropy_cb(unsigned char *buf) while ((n = rand_pool_acquire_entropy(crngt_pool)) != 0) if (n >= CRNGT_BUFSIZ) { p = rand_pool_detach(crngt_pool); - memcpy(crngt_prev, p, CRNGT_BUFSIZ); + memcpy(buf, p, CRNGT_BUFSIZ); rand_pool_reattach(crngt_pool, p); return 1; } From builds at travis-ci.org Sat Apr 20 23:47:32 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 20 Apr 2019 23:47:32 +0000 Subject: Still Failing: openssl/openssl#24850 (master - b8621bd) In-Reply-To: Message-ID: <5cbbaf9438b52_43fe12e087164324431@d89916fb-f5ea-454f-b98f-c33148e4bf99.mail> Build Update for openssl/openssl ------------------------------------- Build: #24850 Status: Still Failing Duration: 23 mins and 31 secs Commit: b8621bd (master) Author: Pauli Message: Fix bug in entropy gathering. This only impacts FIPS mode or someone who has enabled the FIPS 140.2 4.9.2 Conditional Tests. i.e. nobody currently. Fix a significant issue in the entropy gathering for the continuous RNG testing. The impact is using an uninitialised buffer instead of the gathered entropy. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/8789) View the changeset: https://github.com/openssl/openssl/compare/6fda11ae5a06...b8621bdde706 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/522601179?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Apr 21 10:03:53 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 21 Apr 2019 10:03:53 +0000 Subject: Build failed: openssl master.24258 Message-ID: <20190421100353.1.217FD8BF059A62AB@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 22 01:48:20 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Apr 2019 01:48:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1555897700.479185.8943.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: b8621bdde7 Fix bug in entropy gathering. 6fda11ae5a Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. a595b10d34 Add some more test vectors for ChaCha20 6f3aae256d Clarify the documentation on the use of ChaCha20 6caf7f3aec Create provider errors and use them 64adf9aac7 Fix the S390X support for the basic AES ciphers 3a7b15e484 Add forward declarations of the AES dispatch table functions dcd446f100 Make implementation of blocksize, iv_length and key_length mandatory 3b94944cf2 Add a maximum output length to update and final calls 344cfa34e5 Add iv length and key length params to the cipher init calls 819a7ae9fc Implement AES CTR ciphers in the default provider 75dd6d64f1 Implement AES CFB ciphers in the default provider ed98df51c6 Implement AES OFB ciphers in the default provider 718b133a53 Implement AES CBC ciphers in the default provider f4a129bb8d Add support in the default provider for 192/128 bit AES ECB 861b8f8747 Add the provider_algs.h internal header file aab26e6f7b Implement support for AES-256-ECB in the default provider df05f2ce6d Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware 1393722af3 ossl_method_store_cache_get(): ensure non-NULL property query bcb5d42171 OPENSSL_LH_flush(): assign NULL after freeing e019da7b6f Fix the generic EVP algorithm fetch to actually cache them Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl e_os2 > test/buildtest_e_os2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ebcdic > test/buildtest_ebcdic.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ec > test/buildtest_ec.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ess > test/buildtest_ess.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl params > test/buildtest_params.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl provider > test/buildtest_provider.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/casttest-bin-casttest.d.tmp -MT test/casttest-bin-casttest.o -c -o test/casttest-bin-casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Iapps/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/chacha_internal_test-bin-chacha_internal_test.d.tmp -MT test/chacha_internal_test-bin-chacha_internal_test.o -c -o test/chacha_internal_test-bin-chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherbytes_test-bin-cipherbytes_test.d.tmp -MT test/cipherbytes_test-bin-cipherbytes_test.o -c -o test/cipherbytes_test-bin-cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cipherlist_test-bin-cipherlist_test.d.tmp -MT test/cipherlist_test-bin-cipherlist_test.o -c -o test/cipherlist_test-bin-cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ciphername_test-bin-ciphername_test.d.tmp -MT test/ciphername_test-bin-ciphername_test.o -c -o test/ciphername_test-bin-ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/clienthellotest-bin-clienthellotest.d.tmp -MT test/clienthellotest-bin-clienthellotest.o -c -o test/clienthellotest-bin-clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/cmsapitest-bin-cmsapitest.d.tmp -MT test/cmsapitest-bin-cmsapitest.o -c -o test/cmsapitest-bin-cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/conf_include_test-bin-conf_include_test.d.tmp -MT test/conf_include_test-bin-conf_include_test.o -c -o test/conf_include_test-bin-conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/constant_time_test-bin-constant_time_test.d.tmp -MT test/constant_time_test-bin-constant_time_test.o -c -o test/constant_time_test-bin-constant_time_test.o ../openssl/test/constant_time_test.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/context_internal_test-bin-context_internal_test.d.tmp -MT test/context_internal_test-bin-context_internal_test.o -c -o test/context_internal_test-bin-context_internal_test.o ../openssl/test/context_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/crltest-bin-crltest.d.tmp -MT test/crltest-bin-crltest.o -c -o test/crltest-bin-crltest.o ../openssl/test/crltest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ct_test-bin-ct_test.d.tmp -MT test/ct_test-bin-ct_test.o -c -o test/ct_test-bin-ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -Iapps/include -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ctype_internal_test-bin-ctype_internal_test.d.tmp -MT test/ctype_internal_test-bin-ctype_internal_test.o -c -o test/ctype_internal_test-bin-ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Iapps/include -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/curve448_internal_test-bin-curve448_internal_test.d.tmp -MT test/curve448_internal_test-bin-curve448_internal_test.o -c -o test/curve448_internal_test-bin-curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/d2i_test-bin-d2i_test.d.tmp -MT test/d2i_test-bin-d2i_test.o -c -o test/d2i_test-bin-d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/danetest-bin-danetest.d.tmp -MT test/danetest-bin-danetest.o -c -o test/danetest-bin-danetest.o ../openssl/test/danetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/destest-bin-destest.d.tmp -MT test/destest-bin-destest.o -c -o test/destest-bin-destest.o ../openssl/test/destest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dhtest-bin-dhtest.d.tmp -MT test/dhtest-bin-dhtest.o -c -o test/dhtest-bin-dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_ctr.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_ctr.o ../openssl/test/drbg_cavs_data_ctr.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hash.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hash.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hash.o ../openssl/test/drbg_cavs_data_hash.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_data_hmac.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o -c -o test/drbg_cavs_test-bin-drbg_cavs_data_hmac.o ../openssl/test/drbg_cavs_data_hmac.c clang -Iinclude -Iapps/include -Itest -I. -I../openssl/include -I../openssl/apps/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbg_cavs_test-bin-drbg_cavs_test.d.tmp -MT test/drbg_cavs_test-bin-drbg_cavs_test.o -c -o test/drbg_cavs_test-bin-drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/drbgtest-bin-drbgtest.d.tmp -MT test/drbgtest-bin-drbgtest.o -c -o test/drbgtest-bin-drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.d.tmp -MT test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o -c -o test/dsa_no_digest_size_test-bin-dsa_no_digest_size_test.o ../openssl/test/dsa_no_digest_size_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dsatest-bin-dsatest.d.tmp -MT test/dsatest-bin-dsatest.o -c -o test/dsatest-bin-dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-dtls_mtu_test.d.tmp -MT test/dtls_mtu_test-bin-dtls_mtu_test.o -c -o test/dtls_mtu_test-bin-dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtls_mtu_test-bin-ssltestlib.d.tmp -MT test/dtls_mtu_test-bin-ssltestlib.o -c -o test/dtls_mtu_test-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-dtlstest.d.tmp -MT test/dtlstest-bin-dtlstest.o -c -o test/dtlstest-bin-dtlstest.o ../openssl/test/dtlstest.c clang -I. -Iinclude -I../openssl -I../openssl/include -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlstest-bin-ssltestlib.d.tmp -MT test/dtlstest-bin-ssltestlib.o -c -o test/dtlstest-bin-ssltestlib.o ../openssl/test/ssltestlib.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/dtlsv1listentest-bin-dtlsv1listentest.d.tmp -MT test/dtlsv1listentest-bin-dtlsv1listentest.o -c -o test/dtlsv1listentest-bin-dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -Icrypto/ec -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/crypto/ec -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ec_internal_test-bin-ec_internal_test.d.tmp -MT test/ec_internal_test-bin-ec_internal_test.o -c -o test/ec_internal_test-bin-ec_internal_test.o ../openssl/test/ec_internal_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecdsatest-bin-ecdsatest.d.tmp -MT test/ecdsatest-bin-ecdsatest.o -c -o test/ecdsatest-bin-ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ecstresstest-bin-ecstresstest.d.tmp -MT test/ecstresstest-bin-ecstresstest.o -c -o test/ecstresstest-bin-ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/ectest-bin-ectest.d.tmp -MT test/ectest-bin-ectest.o -c -o test/ectest-bin-ectest.o ../openssl/test/ectest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/enginetest-bin-enginetest.d.tmp -MT test/enginetest-bin-enginetest.o -c -o test/enginetest-bin-enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/errtest-bin-errtest.d.tmp -MT test/errtest-bin-errtest.o -c -o test/errtest-bin-errtest.o ../openssl/test/errtest.c clang -Iinclude -Iapps/include -Icrypto/include -I../openssl/include -I../openssl/apps/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_extra_test-bin-evp_extra_test.d.tmp -MT test/evp_extra_test-bin-evp_extra_test.o -c -o test/evp_extra_test-bin-evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -Iapps/include -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -MMD -MF test/evp_kdf_test-bin-evp_kdf_test.d.tmp -MT test/evp_kdf_test-bin-evp_kdf_test.o -c -o test/evp_kdf_test-bin-evp_kdf_test.o ../openssl/test/evp_kdf_test.c ../openssl/test/ectest.c:1889:24: error: implicit declaration of function 'BN_GF2m_add' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(BN_GF2m_add(x, x, field))) ^ ../openssl/test/ectest.c:1889:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] 2 errors generated. Makefile:15335: recipe for target 'test/ectest-bin-ectest.o' failed make[1]: *** [test/ectest-bin-ectest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon Apr 22 05:57:30 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Apr 2019 05:57:30 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1555912650.263268.23688.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: b8621bdde7 Fix bug in entropy gathering. 6fda11ae5a Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. a595b10d34 Add some more test vectors for ChaCha20 6f3aae256d Clarify the documentation on the use of ChaCha20 6caf7f3aec Create provider errors and use them 64adf9aac7 Fix the S390X support for the basic AES ciphers 3a7b15e484 Add forward declarations of the AES dispatch table functions dcd446f100 Make implementation of blocksize, iv_length and key_length mandatory 3b94944cf2 Add a maximum output length to update and final calls 344cfa34e5 Add iv length and key length params to the cipher init calls 819a7ae9fc Implement AES CTR ciphers in the default provider 75dd6d64f1 Implement AES CFB ciphers in the default provider ed98df51c6 Implement AES OFB ciphers in the default provider 718b133a53 Implement AES CBC ciphers in the default provider f4a129bb8d Add support in the default provider for 192/128 bit AES ECB 861b8f8747 Add the provider_algs.h internal header file aab26e6f7b Implement support for AES-256-ECB in the default provider df05f2ce6d Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware 1393722af3 ossl_method_store_cache_get(): ensure non-NULL property query bcb5d42171 OPENSSL_LH_flush(): assign NULL after freeing e019da7b6f Fix the generic EVP algorithm fetch to actually cache them Build log ended with (last 100 lines): crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:106: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: more undefined references to `__afl_prev_loc' follow test/p_test-dso-p_test.o: In function `p_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow Makefile:6912: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6988: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Apr 22 11:51:46 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 11:51:46 +0000 Subject: Build failed: openssl master.24268 Message-ID: <20190422115146.1.E7DEB4A45D8810A9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 12:16:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 12:16:55 +0000 Subject: Build completed: openssl master.24269 Message-ID: <20190422121655.1.F72829AEA8933054@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 12:33:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 12:33:14 +0000 Subject: Build failed: openssl master.24270 Message-ID: <20190422123314.1.29398A7C0B233F2D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 12:58:05 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 12:58:05 +0000 Subject: Build completed: openssl master.24271 Message-ID: <20190422125805.1.1758B078385E01E9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 14:26:32 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 14:26:32 +0000 Subject: Build failed: openssl master.24275 Message-ID: <20190422142632.1.90BE8B58980DBA7D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 17:26:47 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 17:26:47 +0000 Subject: Build completed: openssl master.24276 Message-ID: <20190422172647.1.BE48BF26CFEF76B3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 19:28:15 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 19:28:15 +0000 Subject: Build failed: openssl master.24278 Message-ID: <20190422192815.1.7F2783EE8B99F6E6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 22 19:57:11 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 22 Apr 2019 19:57:11 +0000 Subject: Build completed: openssl master.24279 Message-ID: <20190422195711.1.60EFFB6AF61B724E@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Apr 23 09:43:59 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 23 Apr 2019 09:43:59 +0000 Subject: [openssl] master update Message-ID: <1556012639.953246.15978.nullmailer@dev.openssl.org> The branch master has been updated via a5cf198bad4c49c2850e16c34d929c28a37afcc3 (commit) from b8621bdde70690361a36dca52688a3d946c3fe0f (commit) - Log ----------------------------------------------------------------- commit a5cf198bad4c49c2850e16c34d929c28a37afcc3 Author: Matt Caswell Date: Fri Apr 19 11:17:44 2019 +0100 Fix no-ec2m Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/8792) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/ectest.c b/test/ectest.c index ab75ace..3f7747e 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1884,11 +1884,14 @@ static int check_ec_key_field_public_range_test(int id) * be the same point on the curve). The add is different for char2 fields. */ type = EC_METHOD_get_field_type(meth); +#ifndef OPENSSL_NO_EC2M if (type == NID_X9_62_characteristic_two_field) { /* test for binary curves */ if (!TEST_true(BN_GF2m_add(x, x, field))) goto err; - } else if (type == NID_X9_62_prime_field) { + } else +#endif + if (type == NID_X9_62_prime_field) { /* test for prime curves */ if (!TEST_true(BN_add(x, x, field))) goto err; From matt at openssl.org Tue Apr 23 09:53:35 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 23 Apr 2019 09:53:35 +0000 Subject: [openssl] master update Message-ID: <1556013215.083343.18006.nullmailer@dev.openssl.org> The branch master has been updated via 33b40a1027bfa6c400f24938093e80579c37586c (commit) via 361ecb1d1a4d6d113a6a9cedcc272d3b09c485bd (commit) from a5cf198bad4c49c2850e16c34d929c28a37afcc3 (commit) - Log ----------------------------------------------------------------- commit 33b40a1027bfa6c400f24938093e80579c37586c Author: Matt Caswell Date: Fri Apr 19 16:48:09 2019 +0100 If key or iv is NULL set the respective length to 0 [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8794) commit 361ecb1d1a4d6d113a6a9cedcc272d3b09c485bd Author: Matt Caswell Date: Fri Apr 19 16:21:10 2019 +0100 Fix EVP_CIPHER_CTX_rand_key() Make sure we use the the correct key length in EVP_CIPHER_CTX_rand_key(). Now that ciphers may come from providers we need to make sure we ask the provider for the value if appropriate. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8794) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 4426a81..676eaab 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -243,9 +243,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return ctx->cipher->einit(ctx->provctx, key, - EVP_CIPHER_CTX_key_length(ctx), + key == NULL ? 0 + : EVP_CIPHER_CTX_key_length(ctx), iv, - EVP_CIPHER_CTX_iv_length(ctx)); + iv == NULL ? 0 + : EVP_CIPHER_CTX_iv_length(ctx)); } if (ctx->cipher->dinit == NULL) { @@ -255,9 +257,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return ctx->cipher->dinit(ctx->provctx, key, - EVP_CIPHER_CTX_key_length(ctx), + key == NULL ? 0 + : EVP_CIPHER_CTX_key_length(ctx), iv, - EVP_CIPHER_CTX_iv_length(ctx)); + iv == NULL ? 0 + : EVP_CIPHER_CTX_iv_length(ctx)); /* TODO(3.0): Remove legacy code below */ legacy: @@ -947,7 +951,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - if (RAND_priv_bytes(key, ctx->key_len) <= 0) + if (RAND_priv_bytes(key, EVP_CIPHER_CTX_key_length(ctx)) <= 0) return 0; return 1; } From builds at travis-ci.org Tue Apr 23 10:18:47 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Apr 2019 10:18:47 +0000 Subject: Still Failing: openssl/openssl#24884 (master - 33b40a1) In-Reply-To: Message-ID: <5cbee687331dd_43fc0795315dc11848b@448b3f13-2535-4202-a072-e53497331ce6.mail> Build Update for openssl/openssl ------------------------------------- Build: #24884 Status: Still Failing Duration: 24 mins and 38 secs Commit: 33b40a1 (master) Author: Matt Caswell Message: If key or iv is NULL set the respective length to 0 [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8794) View the changeset: https://github.com/openssl/openssl/compare/a5cf198bad4c...33b40a1027bf View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523404585?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 23 10:03:55 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Apr 2019 10:03:55 +0000 Subject: Still Failing: openssl/openssl#24883 (master - a5cf198) In-Reply-To: Message-ID: <5cbee30acd5cb_43ffa7d31b41c9375d@1a1144fa-03ed-47e8-9510-c93337cae014.mail> Build Update for openssl/openssl ------------------------------------- Build: #24883 Status: Still Failing Duration: 19 mins and 9 secs Commit: a5cf198 (master) Author: Matt Caswell Message: Fix no-ec2m Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/8792) View the changeset: https://github.com/openssl/openssl/compare/b8621bdde706...a5cf198bad4c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523401223?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 23 10:43:42 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Apr 2019 10:43:42 +0000 Subject: [openssl] master update Message-ID: <1556016222.565551.28165.nullmailer@dev.openssl.org> The branch master has been updated via 71ef78d71f638c7de893c635ee9b0fd16247c762 (commit) via 4650d10ff6ad1048785a009349c8b5d6e922fc7a (commit) via c1a09254e4c763b62811bc412afa1498699fce50 (commit) from 33b40a1027bfa6c400f24938093e80579c37586c (commit) - Log ----------------------------------------------------------------- commit 71ef78d71f638c7de893c635ee9b0fd16247c762 Author: Richard Levitte Date: Tue Apr 23 09:41:19 2019 +0200 Configure: make disabling stuff easier and safer Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) commit 4650d10ff6ad1048785a009349c8b5d6e922fc7a Author: Richard Levitte Date: Tue Apr 23 09:29:45 2019 +0200 Configure: recognise -static even if given through variables Fixes #8787 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) commit c1a09254e4c763b62811bc412afa1498699fce50 Author: Richard Levitte Date: Tue Apr 23 09:24:38 2019 +0200 Configure: merge all of %user and %useradd into %config earlier This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) ----------------------------------------------------------------------- Summary of changes: Configure | 102 +++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 58 insertions(+), 44 deletions(-) diff --git a/Configure b/Configure index 3b7ca36..f9533bd 100755 --- a/Configure +++ b/Configure @@ -892,9 +892,6 @@ while (@argvcopy) elsif (/^-static$/) { push @{$useradd{LDFLAGS}}, $_; - $disabled{"pic"} = "forced"; - $disabled{"shared"} = "forced"; - $disabled{"threads"} = "forced"; } elsif (/^-D(.*)$/) { @@ -1006,20 +1003,30 @@ if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) "***** any of asan, msan or ubsan\n"; } -my @tocheckfor = (keys %disabled); -while (@tocheckfor) { - my %new_tocheckfor = (); - my @cascade_copy = (@disable_cascades); - while (@cascade_copy) { - my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy); - if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { - foreach(grep { !defined($disabled{$_}) } @$descendents) { - $new_tocheckfor{$_} = 1; $disabled{$_} = "forced"; +sub disable { + my $disable_type = shift; + + for (@_) { + $disabled{$_} = $disable_type; + } + + my @tocheckfor = (@_ ? @_ : keys %disabled); + while (@tocheckfor) { + my %new_tocheckfor = (); + my @cascade_copy = (@disable_cascades); + while (@cascade_copy) { + my ($test, $descendents) = + (shift @cascade_copy, shift @cascade_copy); + if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { + foreach (grep { !defined($disabled{$_}) } @$descendents) { + $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade"; + } } } + @tocheckfor = (keys %new_tocheckfor); } - @tocheckfor = (keys %new_tocheckfor); } +disable(); # First cascade run our $die = sub { die @_; }; if ($target eq "TABLE") { @@ -1144,6 +1151,8 @@ $target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_l my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; +# Using sub disable within these loops may prove fragile, so we run +# a cascade afterwards foreach my $feature (@{$target{disable}}) { if (exists $deprecated_disablables{$feature}) { warn "***** config $target disables deprecated feature $feature\n"; @@ -1162,6 +1171,7 @@ foreach my $feature (@{$target{enable}}) { delete $disabled{$feature}; } } +disable(); # Run a cascade now $target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX}; $target{cxxflags}//=$target{cflags} if $target{CXX}; @@ -1202,6 +1212,22 @@ foreach (keys %user) { delete $config{$_} unless defined $config{$_}; } +# Finish up %config by appending things the user gave us on the command line +# apart from "make variables" +foreach (keys %useradd) { + # The must all be lists, so we assert that here + die "internal error: \$useradd{$_} isn't an ARRAY\n" + unless ref $useradd{$_} eq 'ARRAY'; + + if (defined $config{$_}) { + push @{$config{$_}}, @{$useradd{$_}}; + } else { + $config{$_} = [ @{$useradd{$_}} ]; + } +} +# At this point, we can forget everything about %user and %useradd, +# because it's now all been merged into the corresponding $config entry + # Allow overriding the build file name $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; @@ -1281,8 +1307,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) } if ($target =~ /linux.*-mips/ && !$disabled{asm} - && !grep { $_ !~ /-m(ips|arch=)/ } (@{$user{CFLAGS}}, - @{$useradd{CFLAGS}})) { + && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { # minimally required architecture flags for assembly modules my $value; $value = '-mips2' if ($target =~ /mips32/); @@ -1296,7 +1321,7 @@ unless ($disabled{threads}) { if ($auto_threads) { # Enabled by default, disable it forcibly if unavailable if ($target{thread_scheme} eq "(unknown)") { - $disabled{threads} = "unavailable"; + disable("unavailable", 'threads'); } } else { # The user chose to enable threads explicitly, let's see @@ -1307,8 +1332,7 @@ unless ($disabled{threads}) { # system-dependent compiler options that are necessary. We # can't truly check that the given options are correct, but # we expect the user to know what [s]He is doing. - if (!@{$user{CFLAGS}} && !@{$useradd{CFLAGS}} - && !@{$user{CPPDEFINES}} && !@{$useradd{CPPDEFINES}}) { + if (!@{$config{CFLAGS}} && !@{$config{CPPDEFINES}}) { die "You asked for multi-threading support, but didn't\n" ,"provide any system-specific compiler options\n"; } @@ -1332,8 +1356,7 @@ if ($target{shared_target} eq "") { $no_shared_warn = 1 if (!$disabled{shared} || !$disabled{"dynamic-engine"}); - $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = - $disabled{module} = "no-shared-target"; + disable('no-shared-target', 'pic'); } if ($disabled{"dynamic-engine"}) { @@ -1482,7 +1505,7 @@ if (!$disabled{makedepend}) { # In all other cases, we look for 'makedepend', and disable the # capability if not found. $config{makedepprog} = which('makedepend'); - $disabled{makedepend} = "unavailable" unless $config{makedepprog}; + disable('unavailable', 'makedepend') unless $config{makedepprog}; } } @@ -1569,12 +1592,17 @@ if ($strict_warnings) @{$clang_devteam_warn{CXXFLAGS}} if (defined($predefined_CXX{__clang__})); } + +if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { + disable('static', 'pic', 'threads'); +} + foreach my $idx (qw(CFLAGS CXXFLAGS)) { - $useradd{$idx} = [ map { $_ eq '--ossl-strict-warnings' - ? @{$strict_warnings_collection{$idx}} - : ( $_ ) } - @{$useradd{$idx}} ]; + $config{$idx} = [ map { $_ eq '--ossl-strict-warnings' + ? @{$strict_warnings_collection{$idx}} + : ( $_ ) } + @{$config{$idx}} ]; } unless ($disabled{"crypto-mdebug-backtrace"}) @@ -1603,15 +1631,15 @@ unless ($disabled{afalgeng}) { ($mi2) = $mi2 =~ /(\d+)/; my $ver = $ma*10000 + $mi1*100 + $mi2; if ($ver < $minver) { - $disabled{afalgeng} = "too-old-kernel"; + disable('too-old-kernel', 'afalgeng'); } else { push @{$config{engdirs}}, "afalg"; } } else { - $disabled{afalgeng} = "cross-compiling"; + disable('cross-compiling', 'afalgeng'); } } else { - $disabled{afalgeng} = "not-linux"; + disable('not-linux', 'afalgeng'); } } @@ -1629,29 +1657,15 @@ unless ($disabled{ktls}) { my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`); if ($verstr[2] < $minver) { - $disabled{ktls} = "too-old-kernel"; + disable('too-old-kernel', 'ktls'); } } else { - $disabled{ktls} = "not-linux"; + disable('not-linux', 'ktls'); } } push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls}); -# Finish up %config by appending things the user gave us on the command line -# apart from "make variables" -foreach (keys %useradd) { - # The must all be lists, so we assert that here - die "internal error: \$useradd{$_} isn't an ARRAY\n" - unless ref $useradd{$_} eq 'ARRAY'; - - if (defined $config{$_}) { - push @{$config{$_}}, @{$useradd{$_}}; - } else { - $config{$_} = [ @{$useradd{$_}} ]; - } -} - # ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON # If we use the unified build, collect information from build.info files From levitte at openssl.org Tue Apr 23 10:48:16 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Apr 2019 10:48:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556016496.664624.29987.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via aacae7a915c2b872f98eaefca67b6d0c58d223aa (commit) via 007213795a0e15901cbdc4558ae2a8c21d3ad9bb (commit) via b8fdfd93f81fab35b8802d39ea2f421eabf4c605 (commit) from 1711a62686e3d55767ba067a4fd1a18ceec69d3f (commit) - Log ----------------------------------------------------------------- commit aacae7a915c2b872f98eaefca67b6d0c58d223aa Author: Richard Levitte Date: Tue Apr 23 09:41:19 2019 +0200 Configure: make disabling stuff easier and safer Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 71ef78d71f638c7de893c635ee9b0fd16247c762) commit 007213795a0e15901cbdc4558ae2a8c21d3ad9bb Author: Richard Levitte Date: Tue Apr 23 09:29:45 2019 +0200 Configure: recognise -static even if given through variables Fixes #8787 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 4650d10ff6ad1048785a009349c8b5d6e922fc7a) commit b8fdfd93f81fab35b8802d39ea2f421eabf4c605 Author: Richard Levitte Date: Tue Apr 23 09:24:38 2019 +0200 Configure: merge all of %user and %useradd into %config earlier This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit c1a09254e4c763b62811bc412afa1498699fce50) ----------------------------------------------------------------------- Summary of changes: Configure | 99 ++++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 43 deletions(-) diff --git a/Configure b/Configure index 114ee9b..1c804cb 100755 --- a/Configure +++ b/Configure @@ -860,9 +860,6 @@ while (@argvcopy) elsif (/^-static$/) { push @{$useradd{LDFLAGS}}, $_; - $disabled{"pic"} = "forced"; - $disabled{"shared"} = "forced"; - $disabled{"threads"} = "forced"; } elsif (/^-D(.*)$/) { @@ -974,20 +971,30 @@ if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) "***** any of asan, msan or ubsan\n"; } -my @tocheckfor = (keys %disabled); -while (@tocheckfor) { - my %new_tocheckfor = (); - my @cascade_copy = (@disable_cascades); - while (@cascade_copy) { - my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy); - if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { - foreach(grep { !defined($disabled{$_}) } @$descendents) { - $new_tocheckfor{$_} = 1; $disabled{$_} = "forced"; +sub disable { + my $disable_type = shift; + + for (@_) { + $disabled{$_} = $disable_type; + } + + my @tocheckfor = (@_ ? @_ : keys %disabled); + while (@tocheckfor) { + my %new_tocheckfor = (); + my @cascade_copy = (@disable_cascades); + while (@cascade_copy) { + my ($test, $descendents) = + (shift @cascade_copy, shift @cascade_copy); + if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { + foreach (grep { !defined($disabled{$_}) } @$descendents) { + $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade"; + } } } + @tocheckfor = (keys %new_tocheckfor); } - @tocheckfor = (keys %new_tocheckfor); } +disable(); # First cascade run our $die = sub { die @_; }; if ($target eq "TABLE") { @@ -1112,6 +1119,8 @@ $target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_l my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; +# Using sub disable within these loops may prove fragile, so we run +# a cascade afterwards foreach my $feature (@{$target{disable}}) { if (exists $deprecated_disablables{$feature}) { warn "***** config $target disables deprecated feature $feature\n"; @@ -1130,6 +1139,7 @@ foreach my $feature (@{$target{enable}}) { delete $disabled{$feature}; } } +disable(); # Run a cascade now $target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX}; $target{cxxflags}//=$target{cflags} if $target{CXX}; @@ -1179,6 +1189,22 @@ foreach (keys %user) { delete $config{$_} unless defined $config{$_}; } +# Finish up %config by appending things the user gave us on the command line +# apart from "make variables" +foreach (keys %useradd) { + # The must all be lists, so we assert that here + die "internal error: \$useradd{$_} isn't an ARRAY\n" + unless ref $useradd{$_} eq 'ARRAY'; + + if (defined $config{$_}) { + push @{$config{$_}}, @{$useradd{$_}}; + } else { + $config{$_} = [ @{$useradd{$_}} ]; + } +} +# At this point, we can forget everything about %user and %useradd, +# because it's now all been merged into the corresponding $config entry + # Allow overriding the build file name $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; @@ -1255,8 +1281,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) } if ($target =~ /linux.*-mips/ && !$disabled{asm} - && !grep { $_ !~ /-m(ips|arch=)/ } (@{$user{CFLAGS}}, - @{$useradd{CFLAGS}})) { + && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { # minimally required architecture flags for assembly modules my $value; $value = '-mips2' if ($target =~ /mips32/); @@ -1270,7 +1295,7 @@ unless ($disabled{threads}) { if ($auto_threads) { # Enabled by default, disable it forcibly if unavailable if ($target{thread_scheme} eq "(unknown)") { - $disabled{threads} = "unavailable"; + disable("unavailable", 'threads'); } } else { # The user chose to enable threads explicitly, let's see @@ -1281,8 +1306,7 @@ unless ($disabled{threads}) { # system-dependent compiler options that are necessary. We # can't truly check that the given options are correct, but # we expect the user to know what [s]He is doing. - if (!@{$user{CFLAGS}} && !@{$useradd{CFLAGS}} - && !@{$user{CPPDEFINES}} && !@{$useradd{CPPDEFINES}}) { + if (!@{$config{CFLAGS}} && !@{$config{CPPDEFINES}}) { die "You asked for multi-threading support, but didn't\n" ,"provide any system-specific compiler options\n"; } @@ -1306,9 +1330,7 @@ if ($target{shared_target} eq "") { $no_shared_warn = 1 if (!$disabled{shared} || !$disabled{"dynamic-engine"}); - $disabled{shared} = "no-shared-target"; - $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = - "no-shared-target"; + disable('no-shared-target', 'pic'); } if ($disabled{"dynamic-engine"}) { @@ -1457,7 +1479,7 @@ if (!$disabled{makedepend}) { # In all other cases, we look for 'makedepend', and disable the # capability if not found. $config{makedepprog} = which('makedepend'); - $disabled{makedepend} = "unavailable" unless $config{makedepprog}; + disable('unavailable', 'makedepend') unless $config{makedepprog}; } } @@ -1546,12 +1568,17 @@ if ($strict_warnings) @{$clang_devteam_warn{CXXFLAGS}} if (defined($predefined_CXX{__clang__})); } + +if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { + disable('static', 'pic', 'threads'); +} + foreach my $idx (qw(CFLAGS CXXFLAGS)) { - $useradd{$idx} = [ map { $_ eq '--ossl-strict-warnings' - ? @{$strict_warnings_collection{$idx}} - : ( $_ ) } - @{$useradd{$idx}} ]; + $config{$idx} = [ map { $_ eq '--ossl-strict-warnings' + ? @{$strict_warnings_collection{$idx}} + : ( $_ ) } + @{$config{$idx}} ]; } unless ($disabled{"crypto-mdebug-backtrace"}) @@ -1580,34 +1607,20 @@ unless ($disabled{afalgeng}) { ($mi2) = $mi2 =~ /(\d+)/; my $ver = $ma*10000 + $mi1*100 + $mi2; if ($ver < $minver) { - $disabled{afalgeng} = "too-old-kernel"; + disable('too-old-kernel', 'afalgeng'); } else { push @{$config{engdirs}}, "afalg"; } } else { - $disabled{afalgeng} = "cross-compiling"; + disable('cross-compiling', 'afalgeng'); } } else { - $disabled{afalgeng} = "not-linux"; + disable('not-linux', 'afalgeng'); } } push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); -# Finish up %config by appending things the user gave us on the command line -# apart from "make variables" -foreach (keys %useradd) { - # The must all be lists, so we assert that here - die "internal error: \$useradd{$_} isn't an ARRAY\n" - unless ref $useradd{$_} eq 'ARRAY'; - - if (defined $config{$_}) { - push @{$config{$_}}, @{$useradd{$_}}; - } else { - $config{$_} = [ @{$useradd{$_}} ]; - } -} - # ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON # If we use the unified build, collect information from build.info files From builds at travis-ci.org Tue Apr 23 11:15:42 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Apr 2019 11:15:42 +0000 Subject: Errored: openssl/openssl#24886 (OpenSSL_1_1_1-stable - aacae7a) In-Reply-To: Message-ID: <5cbef3ddcb4bc_43fc75b479e6c10994a@857b38c5-df79-4f94-aa26-4d869f2b362a.mail> Build Update for openssl/openssl ------------------------------------- Build: #24886 Status: Errored Duration: 25 mins and 24 secs Commit: aacae7a (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Configure: make disabling stuff easier and safer Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 71ef78d71f638c7de893c635ee9b0fd16247c762) View the changeset: https://github.com/openssl/openssl/compare/1711a62686e3...aacae7a915c2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523423786?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 23 11:02:53 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Apr 2019 11:02:53 +0000 Subject: Still Failing: openssl/openssl#24885 (master - 71ef78d) In-Reply-To: Message-ID: <5cbef0dc88d1e_43fc079579620137059@448b3f13-2535-4202-a072-e53497331ce6.mail> Build Update for openssl/openssl ------------------------------------- Build: #24885 Status: Still Failing Duration: 18 mins and 37 secs Commit: 71ef78d (master) Author: Richard Levitte Message: Configure: make disabling stuff easier and safer Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8812) View the changeset: https://github.com/openssl/openssl/compare/33b40a1027bf...71ef78d71f63 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523421974?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 23 13:53:20 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Apr 2019 13:53:20 +0000 Subject: [openssl] master update Message-ID: <1556027600.660392.27267.nullmailer@dev.openssl.org> The branch master has been updated via 0109e030db9207a47e195b4c3a3b13e9017f0ed2 (commit) via 47ca8338358b01ef429a3801ce6173f7a0791674 (commit) from 71ef78d71f638c7de893c635ee9b0fd16247c762 (commit) - Log ----------------------------------------------------------------- commit 0109e030db9207a47e195b4c3a3b13e9017f0ed2 Author: Richard Levitte Date: Tue Apr 9 14:39:54 2019 +0200 Add a way for the application to get OpenSSL configuration data OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8709) commit 47ca8338358b01ef429a3801ce6173f7a0791674 Author: Richard Levitte Date: Tue Apr 9 14:33:29 2019 +0200 Add the possibility to display and use MODULESDIR This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the flag '-m' for 'openssl version'. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8709) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +++ NEWS | 1 + apps/build.info | 3 +- apps/info.c | 97 ++++++++++++++++++++++++++++++++++++++++++++ apps/progs.pl | 3 ++ apps/version.c | 13 ++++-- crypto/build.info | 2 +- crypto/cversion.c | 6 +++ crypto/info.c | 44 ++++++++++++++++++++ doc/man1/info.pod | 81 ++++++++++++++++++++++++++++++++++++ doc/man1/openssl.pod | 4 ++ doc/man3/OpenSSL_version.pod | 47 ++++++++++++++++++++- include/openssl/crypto.h | 13 ++++++ util/libcrypto.num | 1 + 14 files changed, 313 insertions(+), 7 deletions(-) create mode 100644 apps/info.c create mode 100644 crypto/info.c create mode 100644 doc/man1/info.pod diff --git a/CHANGES b/CHANGES index 164787c..d0e2d3a 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such + as default directories. Also added the command 'openssl info' + for scripting purposes. + [Richard Levitte] + *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been deprecated. These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES diff --git a/NEWS b/NEWS index 3c38c78..0800b76 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] + o Add OPENSSL_info() and 'openssl info' to get built-in data. o Add support for enabling instrumentation through trace and debug output. o Changed our version number scheme and set the next major release to diff --git a/apps/build.info b/apps/build.info index ad14038..30847a0 100644 --- a/apps/build.info +++ b/apps/build.info @@ -5,7 +5,8 @@ genpkey.c genrsa.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c - spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c + info.c); our @apps_lib_src = ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), diff --git a/apps/info.c b/apps/info.c new file mode 100644 index 0000000..aa019ad --- /dev/null +++ b/apps/info.c @@ -0,0 +1,97 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "apps.h" +#include "progs.h" + +typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, + OPT_LISTSEP +} OPTION_CHOICE; + +const OPTIONS info_options[] = { + {"help", OPT_HELP, '-', "Display this summary"}, + {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"}, + {"c", OPT_CONFIGDIR, '-', "Default configuration file directory"}, + {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"}, + {"e", OPT_ENGINESDIR, '-', "Default engine module directory"}, + {"modulesdir", OPT_ENGINESDIR, '-', + "Default module directory (other than engine modules)"}, + {"m", OPT_ENGINESDIR, '-', + "Default module directory (other than engine modules)"}, + {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"}, + {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"}, + {"listsep", OPT_LISTSEP, '-', "List separator character"}, + {NULL} +}; + +int info_main(int argc, char **argv) +{ + int ret = 1, dirty = 0, type = 0; + char *prog; + OPTION_CHOICE o; + + prog = opt_init(argc, argv, info_options); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: + case OPT_ERR: +opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + goto end; + case OPT_HELP: + opt_help(info_options); + ret = 0; + goto end; + case OPT_CONFIGDIR: + type = OPENSSL_INFO_CONFIG_DIR; + dirty++; + break; + case OPT_ENGINESDIR: + type = OPENSSL_INFO_ENGINES_DIR; + dirty++; + break; + case OPT_MODULESDIR: + type = OPENSSL_INFO_MODULES_DIR; + dirty++; + break; + case OPT_DSOEXT: + type = OPENSSL_INFO_DSO_EXTENSION; + dirty++; + break; + case OPT_DIRNAMESEP: + type = OPENSSL_INFO_DIR_FILENAME_SEPARATOR; + dirty++; + break; + case OPT_LISTSEP: + type = OPENSSL_INFO_LIST_SEPARATOR; + dirty++; + break; + } + } + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "%s: Extra parameters given.\n", prog); + goto opthelp; + } + if (dirty > 1) { + BIO_printf(bio_err, "%s: Only one item allowed\n", prog); + goto opthelp; + } + if (dirty == 0) { + BIO_printf(bio_err, "%s: No items chosen\n", prog); + goto opthelp; + } + + BIO_printf(bio_out, "%s\n", OPENSSL_info(type)); + ret = 0; + end: + return ret; +} diff --git a/apps/progs.pl b/apps/progs.pl index ab1a729..3aec756 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -51,6 +51,9 @@ print <<"EOF"; * https://www.openssl.org/source/license.html */ +#include +#include "opt.h" + typedef enum FUNC_TYPE { FT_none, FT_general, FT_md, FT_cipher, FT_pkey, FT_md_alg, FT_cipher_alg diff --git a/apps/version.c b/apps/version.c index f9d280c..279aeff 100644 --- a/apps/version.c +++ b/apps/version.c @@ -33,7 +33,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R + OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R } OPTION_CHOICE; const OPTIONS version_options[] = { @@ -42,6 +42,7 @@ const OPTIONS version_options[] = { {"b", OPT_B, '-', "Show build date"}, {"d", OPT_D, '-', "Show configuration directory"}, {"e", OPT_E, '-', "Show engines directory"}, + {"m", OPT_M, '-', "Show modules directory"}, {"f", OPT_F, '-', "Show compiler flags used"}, {"o", OPT_O, '-', "Show some internal datatype options"}, {"p", OPT_P, '-', "Show target build platform"}, @@ -64,7 +65,7 @@ int version_main(int argc, char **argv) { int ret = 1, dirty = 0, seed = 0; int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; - int engdir = 0; + int engdir = 0, moddir = 0; char *prog; OPTION_CHOICE o; @@ -89,6 +90,9 @@ opthelp: case OPT_E: dirty = engdir = 1; break; + case OPT_M: + dirty = moddir = 1; + break; case OPT_F: dirty = cflags = 1; break; @@ -105,7 +109,8 @@ opthelp: dirty = version = 1; break; case OPT_A: - seed = options = cflags = version = date = platform = dir = engdir + seed = options = cflags = version = date = platform + = dir = engdir = moddir = 1; break; } @@ -155,6 +160,8 @@ opthelp: printf("%s\n", OpenSSL_version(OPENSSL_DIR)); if (engdir) printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); + if (moddir) + printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR)); if (seed) { printf("Seeding source:"); #ifdef OPENSSL_RAND_SEED_RTDSC diff --git a/crypto/build.info b/crypto/build.info index 77dcffb..30dcf8c 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -14,7 +14,7 @@ SOURCE[../libcrypto]=provider_core.c provider_predefined.c provider_conf.c \ # Central utilities SOURCE[../libcrypto]=\ - cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ + cryptlib.c mem.c mem_dbg.c cversion.c info.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \ diff --git a/crypto/cversion.c b/crypto/cversion.c index db25fd6..aef84e9 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -70,6 +70,12 @@ const char *OpenSSL_version(int t) #else return "ENGINESDIR: N/A"; #endif + case OPENSSL_MODULES_DIR: +#ifdef MODULESDIR + return "MODULESDIR: \"" MODULESDIR "\""; +#else + return "MODULESDIR: N/A"; +#endif } return "not available"; } diff --git a/crypto/info.c b/crypto/info.c new file mode 100644 index 0000000..5a929dd --- /dev/null +++ b/crypto/info.c @@ -0,0 +1,44 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/dso_conf.h" +#include "e_os.h" + +const char *OPENSSL_info(int t) +{ + switch (t) { + case OPENSSL_INFO_CONFIG_DIR: + return OPENSSLDIR; + case OPENSSL_INFO_ENGINES_DIR: + return ENGINESDIR; + case OPENSSL_INFO_MODULES_DIR: + return MODULESDIR; + case OPENSSL_INFO_DSO_EXTENSION: + return DSO_EXTENSION; + case OPENSSL_INFO_DIR_FILENAME_SEPARATOR: +#if defined(_WIN32) + return "\\"; +#elif defined(__VMS) + return ""; +#else /* Assume POSIX */ + return "/"; +#endif + case OPENSSL_INFO_LIST_SEPARATOR: + { + static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' }; + return list_sep; + } + default: + break; + } + /* Not an error */ + return NULL; +} diff --git a/doc/man1/info.pod b/doc/man1/info.pod new file mode 100644 index 0000000..6eddf0f --- /dev/null +++ b/doc/man1/info.pod @@ -0,0 +1,81 @@ +=pod + +=head1 NAME + +openssl-info, +info - print OpenSSL built-in information + +=head1 SYNOPSIS + +B +[B<-help>] +[B<-configdir> | B<-c>] +[B<-enginesdir> | B<-e>] +[B<-modulesdir> | B<-m>] +[B<-dsoext>] +[B<-dirfilesep>] +[B<-listsep]> + +=head1 DESCRIPTION + +This command is used to print out information about OpenSSL. +The information is written exactly as it is with no extra text, which +makes useful for scripts. + +As a consequence, only one item may be chosen for each run of this +command. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print out a usage message. + +=item B<-configdir>, B<-c> + +Outputs the default directory for OpenSSL configuration files. + +=item B<-enginesdir>, B<-e> + +Outputs the default directory for OpenSSL engine modules. + +=item B<-modulesdir>, B<-m> + +Outputs the default directory for OpenSSL dynamically loadable modules +other than engine modules. + +=item B<-dsoext> + +Outputs the DSO extension OpenSSL uses. + +=item B<-dirnamesep> + +Outputs the separator character between a directory specification and +a file name. +Note that on some operating systems, this is not the same as the +separator between directory elements. + +=item B<-listsep> + +Outputs the OpenSSL list separator character. +This is typically used to construct C<$PATH> (C<%PATH%> on Windows) +style lists. + +=back + +=head1 HISTORY + +The B command was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 5f6f8d3..e41c76a 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -167,6 +167,10 @@ Generation of Private Key or Parameters. Generation of RSA Private Key. Superseded by L. +=item B + +Display diverse information built into the OpenSSL libraries. + =item B Message Authentication Code Calculation. diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 679273e..c1ced64 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -8,8 +8,8 @@ OPENSSL_VERSION_PRE_RELEASE_STR, OPENSSL_VERSION_BUILD_METADATA_STR, OPENSSL_VERSION_TEXT, OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, -OPENSSL_VERSION_NUMBER, OpenSSL_version_num -- get OpenSSL version number +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +- get OpenSSL version number and other information =head1 SYNOPSIS @@ -37,6 +37,8 @@ OPENSSL_VERSION_NUMBER, OpenSSL_version_num const char *OpenSSL_version(int t); + const char *OPENSSL_info(int t); + Deprecated: /* from openssl/opensslv.h */ @@ -127,6 +129,47 @@ if available or "ENGINESDIR: N/A" otherwise. For an unknown B, the text "not available" is returned. +OPENSSL_info() also returns different strings depending on B: + +=over 4 + +=item OPENSSL_INFO_CONFIG_DIR + +The configured C, which is the default location for +OpenSSL configuration files. + +=item OPENSSL_INFO_ENGINES_DIR + +The configured C, which is the default location for +OpenSSL engines. + +=item OPENSSL_INFO_MODULES_DIR + +The configured C, which is the default location for +dynamically loadable OpenSSL modules other than engines. + +=item OPENSSL_INFO_DSO_EXTENSION + +The configured dynamically loadable module extension. + +=item OPENSSL_INFO_DIR_FILENAME_SEPARATOR + +The separator between a directory specification and a file name. +Note that on some operating systems, this is not the same as the +separator between directory elements. + +=item OPENSSL_INFO_LIST_SEPARATOR + +The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable C<$PATH> on Unix (where the +separator is ":") or C<%PATH%> on Windows (where the separator is +";"). + +=back + +For an unknown B, NULL is returned. + =head1 BACKWARD COMPATIBILITY For compatibility, some older macros and functions are retained or diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index deb369e..a7e78e4 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -163,6 +163,19 @@ const char *OpenSSL_version(int type); # define OPENSSL_ENGINES_DIR 5 # define OPENSSL_VERSION_STRING 6 # define OPENSSL_FULL_VERSION_STRING 7 +# define OPENSSL_MODULES_DIR 8 + +const char *OPENSSL_info(int type); +/* + * The series starts at 1001 to avoid confusion with the OpenSSL_version + * types. + */ +# define OPENSSL_INFO_CONFIG_DIR 1001 +# define OPENSSL_INFO_ENGINES_DIR 1002 +# define OPENSSL_INFO_MODULES_DIR 1003 +# define OPENSSL_INFO_DSO_EXTENSION 1004 +# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 +# define OPENSSL_INFO_LIST_SEPARATOR 1006 int OPENSSL_issetugid(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index b9be349..8259ddb 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4799,3 +4799,4 @@ EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: +OPENSSL_info 4750 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Tue Apr 23 14:16:18 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 23 Apr 2019 14:16:18 +0000 Subject: Still Failing: openssl/openssl#24889 (master - 0109e03) In-Reply-To: Message-ID: <5cbf1e3291f93_43fc07a536e5021244e@448b3f13-2535-4202-a072-e53497331ce6.mail> Build Update for openssl/openssl ------------------------------------- Build: #24889 Status: Still Failing Duration: 22 mins and 23 secs Commit: 0109e03 (master) Author: Richard Levitte Message: Add a way for the application to get OpenSSL configuration data OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8709) View the changeset: https://github.com/openssl/openssl/compare/71ef78d71f63...0109e030db92 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523500321?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 24 01:45:42 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Apr 2019 01:45:42 +0000 Subject: Build failed: openssl master.24302 Message-ID: <20190424014542.1.F5F023B2E3C468FC@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 24 01:47:44 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Apr 2019 01:47:44 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1556070464.512021.32340.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 0109e030db Add a way for the application to get OpenSSL configuration data 47ca833835 Add the possibility to display and use MODULESDIR 71ef78d71f Configure: make disabling stuff easier and safer 4650d10ff6 Configure: recognise -static even if given through variables c1a09254e4 Configure: merge all of %user and %useradd into %config earlier 33b40a1027 If key or iv is NULL set the respective length to 0 361ecb1d1a Fix EVP_CIPHER_CTX_rand_key() a5cf198bad Fix no-ec2m From no-reply at appveyor.com Wed Apr 24 02:33:54 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Apr 2019 02:33:54 +0000 Subject: Build completed: openssl master.24303 Message-ID: <20190424023354.1.3302A2F595138A87@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Apr 24 05:46:46 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 24 Apr 2019 05:46:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1556084806.659343.14607.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 0109e030db Add a way for the application to get OpenSSL configuration data 47ca833835 Add the possibility to display and use MODULESDIR 71ef78d71f Configure: make disabling stuff easier and safer 4650d10ff6 Configure: recognise -static even if given through variables c1a09254e4 Configure: merge all of %user and %useradd into %config earlier 33b40a1027 If key or iv is NULL set the respective length to 0 361ecb1d1a Fix EVP_CIPHER_CTX_rand_key() a5cf198bad Fix no-ec2m Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6920: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Wed Apr 24 05:58:15 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 24 Apr 2019 05:58:15 +0000 Subject: [openssl] master update Message-ID: <1556085495.324465.26482.nullmailer@dev.openssl.org> The branch master has been updated via bacc3081309ef4489b78d1ee8bf04122785ba588 (commit) from 0109e030db9207a47e195b4c3a3b13e9017f0ed2 (commit) - Log ----------------------------------------------------------------- commit bacc3081309ef4489b78d1ee8bf04122785ba588 Author: Richard Levitte Date: Wed Apr 17 22:30:03 2019 +0200 Recognise clang -fsanitize options and translate them Because we depend on knowing if clang's address, memory or undefinedbehavior sanitizers are enabled, we make an extra effort to detect them among the C flags, and adjust the %disabled values accordingly. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8778) ----------------------------------------------------------------------- Summary of changes: Configure | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index f9533bd..8b6d237 100755 --- a/Configure +++ b/Configure @@ -1340,6 +1340,27 @@ unless ($disabled{threads}) { } } +# Find out if clang's sanitizers have been enabled with -fsanitize +# flags and ensure that the corresponding %disabled elements area +# removed to reflect that the sanitizers are indeed enabled. +my %detected_sanitizers = (); +foreach (grep /^-fsanitize=/, @{$config{CFLAGS} || []}) { + (my $checks = $_) =~ s/^-fsanitize=//; + foreach (split /,/, $checks) { + my $d = { address => 'asan', + undefined => 'ubsan', + memory => 'msan' } -> {$_}; + next unless defined $d; + + $detected_sanitizers{$d} = 1; + if (defined $disabled{$d}) { + die "***** Conflict between disabling $d and enabling $_ sanitizer" + if $disabled{$d} ne "default"; + delete $disabled{$d}; + } + } +} + # If threads still aren't disabled, add a C macro to ensure the source # code knows about it. Any other flag is taken care of by the configs. unless($disabled{threads}) { @@ -1367,12 +1388,12 @@ if ($disabled{"dynamic-engine"}) { $config{dynamic_engines} = 1; } -unless ($disabled{asan}) { +unless ($disabled{asan} || defined $detected_sanitizers{asan}) { push @{$config{cflags}}, "-fsanitize=address"; push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } -unless ($disabled{ubsan}) { +unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; @@ -1380,7 +1401,7 @@ unless ($disabled{ubsan}) { if $config{CXX}; } -unless ($disabled{msan}) { +unless ($disabled{msan} || defined $detected_sanitizers{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } From builds at travis-ci.org Wed Apr 24 06:16:30 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Apr 2019 06:16:30 +0000 Subject: Still Failing: openssl/openssl#24900 (master - bacc308) In-Reply-To: Message-ID: <5cbfff3de194d_43fa578818f78599d5@ffdbcfbb-9031-4495-a7dc-f88b4b526bd9.mail> Build Update for openssl/openssl ------------------------------------- Build: #24900 Status: Still Failing Duration: 17 mins and 35 secs Commit: bacc308 (master) Author: Richard Levitte Message: Recognise clang -fsanitize options and translate them Because we depend on knowing if clang's address, memory or undefinedbehavior sanitizers are enabled, we make an extra effort to detect them among the C flags, and adjust the %disabled values accordingly. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/8778) View the changeset: https://github.com/openssl/openssl/compare/0109e030db92...bacc3081309e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523814773?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 24 09:57:46 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 24 Apr 2019 09:57:46 +0000 Subject: [openssl] master update Message-ID: <1556099866.782943.20381.nullmailer@dev.openssl.org> The branch master has been updated via 07822c515574223c2958fcddd52191cfbf9aefcd (commit) via c54492ecf8331fd87f6ac163f9fc5b576af128e8 (commit) from bacc3081309ef4489b78d1ee8bf04122785ba588 (commit) - Log ----------------------------------------------------------------- commit 07822c515574223c2958fcddd52191cfbf9aefcd Author: Shane Lontis Date: Tue Apr 23 19:17:40 2019 +1000 added openssl app 'kdf' and 'mac' to the NEWS and CHANGES docs Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8762) commit c54492ecf8331fd87f6ac163f9fc5b576af128e8 Author: Shane Lontis Date: Tue Apr 16 20:10:04 2019 +1000 Added app for EVP_KDF Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8762) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++ NEWS | 4 ++ apps/build.info | 2 +- apps/kdf.c | 158 ++++++++++++++++++++++++++++++++++++++++++ doc/man1/kdf.pod | 167 +++++++++++++++++++++++++++++++++++++++++++++ doc/man1/openssl.pod | 8 ++- doc/man3/EVP_KDF_CTX.pod | 5 +- test/recipes/20-test_kdf.t | 78 +++++++++++++++++++++ 8 files changed, 423 insertions(+), 5 deletions(-) create mode 100644 apps/kdf.c create mode 100644 doc/man1/kdf.pod create mode 100644 test/recipes/20-test_kdf.t diff --git a/CHANGES b/CHANGES index d0e2d3a..a5d6950 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Added command 'openssl kdf' that uses the EVP_KDF API. + [Shane Lontis] + + *) Added command 'openssl mac' that uses the EVP_MAC API. + [Shane Lontis] + *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such as default directories. Also added the command 'openssl info' for scripting purposes. diff --git a/NEWS b/NEWS index 0800b76..6c79bc2 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] + o Added 'openssl mac' that uses the EVP_MAC API. + o Added 'openssl kdf' that uses the EVP_KDF API. o Add OPENSSL_info() and 'openssl info' to get built-in data. o Add support for enabling instrumentation through trace and debug output. @@ -15,6 +17,8 @@ o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC bridge. o Removed the heartbeat message in DTLS feature. + o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF + bridge. Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] diff --git a/apps/build.info b/apps/build.info index 30847a0..cbb70fc 100644 --- a/apps/build.info +++ b/apps/build.info @@ -2,7 +2,7 @@ qw(openssl.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c + genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c diff --git a/apps/kdf.c b/apps/kdf.c new file mode 100644 index 0000000..684fd44 --- /dev/null +++ b/apps/kdf.c @@ -0,0 +1,158 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include + +typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT +} OPTION_CHOICE; + +const OPTIONS kdf_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n"}, + {OPT_HELP_STR, 1, '-', "kdf_name\t KDF algorithm.\n"}, + {"help", OPT_HELP, '-', "Display this summary"}, + {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form. " + "See 'Supported Controls' in the EVP_KDF_ docs"}, + {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"}, + {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, + {"binary", OPT_BIN, '-', "Output in binary format (Default is hexadecimal " + "output)"}, + {NULL} +}; + +static int kdf_ctrl_string(EVP_KDF_CTX *ctx, const char *value) +{ + int rv; + char *stmp, *vtmp = NULL; + + stmp = OPENSSL_strdup(value); + if (stmp == NULL) + return -1; + vtmp = strchr(stmp, ':'); + if (vtmp != NULL) { + *vtmp = 0; + vtmp++; + } + rv = EVP_KDF_ctrl_str(ctx, stmp, vtmp); + OPENSSL_free(stmp); + return rv; +} + +int kdf_main(int argc, char **argv) +{ + int ret = 1, i, id, out_bin = 0; + OPTION_CHOICE o; + STACK_OF(OPENSSL_STRING) *opts = NULL; + char *prog, *hexout = NULL; + const char *outfile = NULL; + unsigned char *dkm_bytes = NULL; + size_t dkm_len = 0; + BIO *out = NULL; + EVP_KDF_CTX *ctx = NULL; + + prog = opt_init(argc, argv, kdf_options); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + default: +opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + goto err; + case OPT_HELP: + opt_help(kdf_options); + ret = 0; + goto err; + case OPT_BIN: + out_bin = 1; + break; + case OPT_KEYLEN: + dkm_len = (size_t)atoi(opt_arg()); + break; + case OPT_OUT: + outfile = opt_arg(); + break; + case OPT_KDFOPT: + if (opts == NULL) + opts = sk_OPENSSL_STRING_new_null(); + if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg())) + goto opthelp; + break; + } + } + argc = opt_num_rest(); + argv = opt_rest(); + + if (argc != 1) { + BIO_printf(bio_err, "Invalid number of extra arguments\n"); + goto opthelp; + } + + id = OBJ_sn2nid(argv[0]); + if (id == NID_undef) { + BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); + goto opthelp; + } + + ctx = EVP_KDF_CTX_new_id(id); + if (ctx == NULL) + goto err; + + if (opts != NULL) { + for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { + char *opt = sk_OPENSSL_STRING_value(opts, i); + if (kdf_ctrl_string(ctx, opt) <= 0) { + BIO_printf(bio_err, "KDF parameter error '%s'\n", opt); + ERR_print_errors(bio_err); + goto err; + } + } + } + + out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); + if (out == NULL) + goto err; + + if (dkm_len <= 0) { + BIO_printf(bio_err, "Invalid derived key length.\n"); + goto err; + } + dkm_bytes = app_malloc(dkm_len, "out buffer"); + if (dkm_bytes == NULL) + goto err; + + if (!EVP_KDF_derive(ctx, dkm_bytes, dkm_len)) { + BIO_printf(bio_err, "EVP_KDF_derive failed\n"); + goto err; + } + + if (out_bin) { + BIO_write(out, dkm_bytes, dkm_len); + } else { + hexout = OPENSSL_buf2hexstr(dkm_bytes, dkm_len); + BIO_printf(out, "%s\n\n", hexout); + } + + ret = 0; +err: + if (ret != 0) + ERR_print_errors(bio_err); + OPENSSL_clear_free(dkm_bytes, dkm_len); + sk_OPENSSL_STRING_free(opts); + EVP_KDF_CTX_free(ctx); + BIO_free(out); + OPENSSL_free(hexout); + return ret; +} diff --git a/doc/man1/kdf.pod b/doc/man1/kdf.pod new file mode 100644 index 0000000..0ff7762 --- /dev/null +++ b/doc/man1/kdf.pod @@ -0,0 +1,167 @@ +=pod + +=head1 NAME + +openssl-kdf, +kdf - perform Key Derivation Function operations + +=head1 SYNOPSIS + +B +[B<-help>] +[B<-kdfopt> I] +[B<-keylen> I] +[B<-out> I] +[B<-binary>] +I + +=head1 DESCRIPTION + +The key derivation functions generate a derived key from either a secret or +password. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print a usage message. + +=item B<-keylen> I + +The output size of the derived key. This field is required. + +=item B<-out> I + +Filename to output to, or standard output by default. + +=item B<-binary> + +Output the derived key in binary form. Uses hexadecimal text format if not specified. + +=item B<-kdfopt> I + +Passes options to the KDF algorithm. +A comprehensive list of controls can be found in the EVP_KDF_CTX implementation +documentation. +Common control strings used by EVP_KDF_ctrl_str() are: + +=over 4 + +=item BI + +Specifies the secret key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms. + +=item BI + +Specifies the secret key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms. + +=item BI + +Specifies the password as an alphanumeric string (use if the password contains +printable characters only). +The password must be specified for PBKDF2 and scrypt. + +=item BI + +Specifies the password in hexadecimal form (two hex digits per byte). +The password must be specified for PBKDF2 and scrypt. + +=item BI + +Specifies the name of a digest as an alphanumeric string. +To see the list of supported digests, use the command I. + +=back + +=item I + +Specifies the name of a supported KDF algorithm which will be used. +The supported algorithms names are TLS1-PRF, HKDF, SSKDF, PBKDF2, SSHKDF and id-scrypt. + +=back + +=head1 EXAMPLES + +Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed: + + openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt key:secret \ + -kdfopt seed:seed TLS1-PRF + +Use HKDF to create a hex-encoded derived key from a secret key, salt and info: + + openssl kdf -keylen 10 -kdfopt digest:SHA256 -kdfopt key:secret \ + -kdfopt salt:salt -kdfopt info:label HKDF + +Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info: + + openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 \ + -kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \ + -kdfopt hexsalt:3638271ccd68a2 SSKDF + +Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info: + + openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA256 \ + -kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \ + -kdfopt hexsalt:3638271c SSKDF + +Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info: + + openssl kdf -keylen 14 -kdfopt digest:SHA256 \ + -kdfopt hexkey:6dbdc23f045488 \ + -kdfopt hexinfo:a1b2c3d4 SSKDF + +Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id: + + openssl kdf -keylen 16 -kdfopt digest:SHA256 \ + -kdfopt hexkey:0102030405 \ + -kdfopt hexxcghash:06090A \ + -kdfopt hexsession_id:01020304 \ + -kdfopt type:A SSHKDF + +Use PBKDF2 to create a hex-encoded derived key from a password and salt: + + openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \ + -kdfopt salt:salt -kdfopt iter:2 PBKDF2 + +Use scrypt to create a hex-encoded derived key from a password and salt: + + openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \ + -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \ + -kdfopt maxmem_bytes:10485760 id-scrypt + +=head1 NOTES + +The KDF mechanisms that are available will depend on the options +used when building OpenSSL. + +=head1 SEE ALSO + +L, +L +L +L +L +L +L + +=head1 HISTORY + +Added in OpenSSL 3.0 + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index e41c76a..41d04da 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -171,6 +171,10 @@ Generation of RSA Private Key. Superseded by L. Display diverse information built into the OpenSSL libraries. +=item B + +Key Derivation Functions. + =item B Message Authentication Code Calculation. @@ -616,7 +620,7 @@ L, L, L, L, L, L, L, L, L, L, L, L, L, -L, L, L, L, +L, L, L, L, L, L, L, L, L, L, L, L, L, @@ -636,7 +640,7 @@ manual pages. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod index 4ca8d94..f646528 100644 --- a/doc/man3/EVP_KDF_CTX.pod +++ b/doc/man3/EVP_KDF_CTX.pod @@ -151,9 +151,9 @@ The value string is expected to be the name of a MAC. This control expects one argument: C For MAC implementations that use a message digest as an underlying computation -algorithm, this control set what the digest algorithm should be. +algorithm, this control sets what the digest algorithm should be. -EVP_KDF_ctrl_str() type string: "md" +EVP_KDF_ctrl_str() type string: "digest" The value string is expected to be the name of a digest. @@ -232,6 +232,7 @@ L L L L +L =head1 HISTORY diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t new file mode 100644 index 0000000..62cbb05 --- /dev/null +++ b/test/recipes/20-test_kdf.t @@ -0,0 +1,78 @@ +#! /usr/bin/env perl +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_kdf"); + +my @kdf_tests = ( + { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], + expected => '8E:4D:93:25:30:D7:65:A0:AA:E9:74:C3:04:73:5E:CC', + desc => 'TLS1-PRF SHA256' }, + { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:MD5-SHA1 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], + expected => '65:6F:31:CB:04:03:D6:51:E2:E8:71:F8:20:04:AB:BA', + desc => 'TLS1-PRF MD5-SHA1' }, + { cmd => [qw{openssl kdf -keylen 10 -kdfopt digest:SHA256 -kdfopt key:secret -kdfopt salt:salt -kdfopt info:label HKDF}], + expected => '2a:c4:36:9f:52:59:96:f8:de:13', + desc => 'HKDF SHA256' }, + { cmd => [qw{openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password -kdfopt salt:salt -kdfopt iter:2 PBKDF2}], + expected => 'ae:4d:0c:95:af:6b:46:d3:2d:0a:df:f9:28:f0:6d:d0:2a:30:3f:8e:f3:c2:51:df:d6:e2:d8:5a:95:47:4c:43', + desc => 'PBKDF2 SHA256'}, + { cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', + desc => 'SSKDF KMAC128'}, + { cmd => [qw{openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3', + desc => 'SSKDF HMAC SHA256'}, + { cmd => [qw{openssl kdf -keylen 14 -kdfopt digest:SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}], + expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8', + desc => 'SSKDF HASH SHA224'}, + { cmd => [qw{openssl kdf -keylen 16 -kdfopt md:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], + expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', + desc => 'SSHKDF SHA256'}, +); + +my @scrypt_tests = ( + { cmd => [qw{openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 -kdfopt maxmem_bytes:10485760 id-scrypt}], + expected => 'fd:ba:be:1c:9d:34:72:00:78:56:e7:19:0d:01:e9:fe:7c:6a:d7:cb:c8:23:78:30:e7:73:76:63:4b:37:31:62:2e:af:30:d9:2e:22:a3:88:6f:f1:09:27:9d:98:30:da:c7:27:af:b9:4a:83:ee:6d:83:60:cb:df:a2:cc:06:40', + desc => 'SCRYPT' }, +); + +push @kdf_tests, @scrypt_tests unless disabled("scrypt"); + +plan tests => scalar @kdf_tests; + +foreach (@kdf_tests) { + ok(compareline($_->{cmd}, $_->{expected}), $_->{desc}); +} + +# Check that the stdout output matches the expected value. +sub compareline { + my ($cmdarray, $expect) = @_; + if (defined($expect)) { + $expect = uc $expect; + } + + my @lines = run(app($cmdarray), capture => 1); + + if (defined($expect)) { + if ($lines[0] =~ m|^\Q${expect}\E\R$|) { + return 1; + } else { + print "Got: $lines[0]"; + print "Exp: $expect\n"; + return 0; + } + } + return 0; +} From builds at travis-ci.org Wed Apr 24 10:16:48 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Apr 2019 10:16:48 +0000 Subject: Still Failing: openssl/openssl#24901 (master - 07822c5) In-Reply-To: Message-ID: <5cc0379068ad0_43f82406bde40856f5@697fb352-e531-42de-9add-e3b0f3e5c7ac.mail> Build Update for openssl/openssl ------------------------------------- Build: #24901 Status: Still Failing Duration: 18 mins and 20 secs Commit: 07822c5 (master) Author: Shane Lontis Message: added openssl app 'kdf' and 'mac' to the NEWS and CHANGES docs Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8762) View the changeset: https://github.com/openssl/openssl/compare/bacc3081309e...07822c515574 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/523893507?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 24 13:59:01 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Apr 2019 13:59:01 +0000 Subject: Build failed: openssl master.24306 Message-ID: <20190424135901.1.745819774BB312A6@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Apr 24 14:36:14 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 24 Apr 2019 14:36:14 +0000 Subject: [openssl] master update Message-ID: <1556116574.843856.16251.nullmailer@dev.openssl.org> The branch master has been updated via 87930507ff1c020d4ba1ca895ef3ef08e17253b3 (commit) from 07822c515574223c2958fcddd52191cfbf9aefcd (commit) - Log ----------------------------------------------------------------- commit 87930507ff1c020d4ba1ca895ef3ef08e17253b3 Author: Jakub Jelen Date: Thu Apr 18 16:09:45 2019 +0200 doc: Get rid of unrelated reference to DSA_new() CLA: trivial Signed-off-by: Jakub Jelen Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8786) ----------------------------------------------------------------------- Summary of changes: doc/man3/ECDSA_SIG_new.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index f37005d..e99a823 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -200,7 +200,7 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 =head1 SEE ALSO -L, +L, L, L From levitte at openssl.org Wed Apr 24 14:36:59 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 24 Apr 2019 14:36:59 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556116619.749008.5789.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 282360e6be8f0089470b38c07458c23564f5447f (commit) from aacae7a915c2b872f98eaefca67b6d0c58d223aa (commit) - Log ----------------------------------------------------------------- commit 282360e6be8f0089470b38c07458c23564f5447f Author: Jakub Jelen Date: Thu Apr 18 16:09:45 2019 +0200 doc: Get rid of unrelated reference to DSA_new() CLA: trivial Signed-off-by: Jakub Jelen Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8786) (cherry picked from commit 87930507ff1c020d4ba1ca895ef3ef08e17253b3) ----------------------------------------------------------------------- Summary of changes: doc/man3/ECDSA_SIG_new.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 0bf63f8..e36444f 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -200,7 +200,7 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 =head1 SEE ALSO -L, +L, L, L From builds at travis-ci.org Wed Apr 24 15:08:37 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Apr 2019 15:08:37 +0000 Subject: Failed: openssl/openssl#24905 (OpenSSL_1_1_1-stable - 282360e) In-Reply-To: Message-ID: <5cc07bf5aa9bd_43fcc9517912422846a@83e7c004-7e38-4c41-89e6-e7b475ef87cf.mail> Build Update for openssl/openssl ------------------------------------- Build: #24905 Status: Failed Duration: 25 mins and 45 secs Commit: 282360e (OpenSSL_1_1_1-stable) Author: Jakub Jelen Message: doc: Get rid of unrelated reference to DSA_new() CLA: trivial Signed-off-by: Jakub Jelen Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8786) (cherry picked from commit 87930507ff1c020d4ba1ca895ef3ef08e17253b3) View the changeset: https://github.com/openssl/openssl/compare/aacae7a915c2...282360e6be8f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524014855?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Apr 24 14:54:57 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 24 Apr 2019 14:54:57 +0000 Subject: Still Failing: openssl/openssl#24904 (master - 8793050) In-Reply-To: Message-ID: <5cc078c18056_43f8cd5177e8c348259@ecde55cb-d0d0-42c9-9496-a9a4ceb56cdb.mail> Build Update for openssl/openssl ------------------------------------- Build: #24904 Status: Still Failing Duration: 18 mins and 3 secs Commit: 8793050 (master) Author: Jakub Jelen Message: doc: Get rid of unrelated reference to DSA_new() CLA: trivial Signed-off-by: Jakub Jelen Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8786) View the changeset: https://github.com/openssl/openssl/compare/07822c515574...87930507ff1c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524014627?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Apr 24 15:33:51 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Apr 2019 15:33:51 +0000 Subject: Build completed: openssl master.24307 Message-ID: <20190424153351.1.5507DB33F708EE70@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Apr 25 05:53:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 25 Apr 2019 05:53:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1556171637.719202.31328.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 87930507ff doc: Get rid of unrelated reference to DSA_new() 07822c5155 added openssl app 'kdf' and 'mac' to the NEWS and CHANGES docs c54492ecf8 Added app for EVP_KDF bacc308130 Recognise clang -fsanitize options and translate them Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfa): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6920: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Thu Apr 25 10:05:09 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 25 Apr 2019 10:05:09 +0000 Subject: [openssl] master update Message-ID: <1556186709.696603.26952.nullmailer@dev.openssl.org> The branch master has been updated via 514c9da48b860153079748b0d588cd42191f0b6a (commit) from 87930507ff1c020d4ba1ca895ef3ef08e17253b3 (commit) - Log ----------------------------------------------------------------- commit 514c9da48b860153079748b0d588cd42191f0b6a Author: Guido Vranken Date: Mon Apr 22 14:11:12 2019 +0200 Enforce a strict output length check in CRYPTO_ccm128_tag Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8810) ----------------------------------------------------------------------- Summary of changes: crypto/modes/ccm128.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 9edf027..bfa2d46 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) M *= 2; M += 2; - if (len < M) + if (len != M) return 0; memcpy(tag, ctx->cmac.c, M); return M; From matt at openssl.org Thu Apr 25 10:05:21 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 25 Apr 2019 10:05:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556186721.874907.27774.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via fc4c034ee823c18de34d72dc46da6aabbb6f551e (commit) from 282360e6be8f0089470b38c07458c23564f5447f (commit) - Log ----------------------------------------------------------------- commit fc4c034ee823c18de34d72dc46da6aabbb6f551e Author: Guido Vranken Date: Mon Apr 22 14:11:12 2019 +0200 Enforce a strict output length check in CRYPTO_ccm128_tag Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8810) (cherry picked from commit 514c9da48b860153079748b0d588cd42191f0b6a) ----------------------------------------------------------------------- Summary of changes: crypto/modes/ccm128.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 85ce84f..742c63f 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) M *= 2; M += 2; - if (len < M) + if (len != M) return 0; memcpy(tag, ctx->cmac.c, M); return M; From builds at travis-ci.org Thu Apr 25 10:26:08 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 10:26:08 +0000 Subject: Still Failing: openssl/openssl#24907 (OpenSSL_1_1_1-stable - fc4c034) In-Reply-To: Message-ID: <5cc18b402a638_43f8f387ae31815277f@f135de5b-716f-4967-9adf-fba3084312c3.mail> Build Update for openssl/openssl ------------------------------------- Build: #24907 Status: Still Failing Duration: 19 mins and 59 secs Commit: fc4c034 (OpenSSL_1_1_1-stable) Author: Guido Vranken Message: Enforce a strict output length check in CRYPTO_ccm128_tag Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8810) (cherry picked from commit 514c9da48b860153079748b0d588cd42191f0b6a) View the changeset: https://github.com/openssl/openssl/compare/282360e6be8f...fc4c034ee823 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524400932?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 25 10:35:55 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 10:35:55 +0000 Subject: Still Failing: openssl/openssl#24908 (master - 514c9da) In-Reply-To: Message-ID: <5cc18d8b53125_43fa9de434d5c67612@b181588f-7288-4cb3-b979-b10df947e10c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24908 Status: Still Failing Duration: 29 mins and 55 secs Commit: 514c9da (master) Author: Guido Vranken Message: Enforce a strict output length check in CRYPTO_ccm128_tag Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8810) View the changeset: https://github.com/openssl/openssl/compare/87930507ff1c...514c9da48b86 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524400960?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 25 11:59:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Apr 2019 11:59:29 +0000 Subject: Build failed: openssl master.24312 Message-ID: <20190425115929.1.95A4026D28AF78D1@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Apr 25 12:07:24 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 25 Apr 2019 12:07:24 +0000 Subject: [openssl] master update Message-ID: <1556194044.865956.30247.nullmailer@dev.openssl.org> The branch master has been updated via 3119ab3c9e6d211c461a245f3744893e17b6c193 (commit) via 8450d0c784f8cec58e1b41c79fb3836b9f2acd5e (commit) from 514c9da48b860153079748b0d588cd42191f0b6a (commit) - Log ----------------------------------------------------------------- commit 3119ab3c9e6d211c461a245f3744893e17b6c193 Author: Matt Caswell Date: Fri Apr 19 13:55:08 2019 +0100 Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv() If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8793) commit 8450d0c784f8cec58e1b41c79fb3836b9f2acd5e Author: Matt Caswell Date: Fri Apr 19 13:53:56 2019 +0100 Fix KTLS compilation error If the kernel headers are sufficiently recent to have KTLS transmit support, but not recent enough to have KTLS receive support then a compilation error would be the result. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8793) ----------------------------------------------------------------------- Summary of changes: include/internal/ktls.h | 4 ++++ include/openssl/bio.h | 15 +++++++++++---- ssl/record/ssl3_record.c | 4 ++-- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 5495a8d..d7bd1f3 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -90,6 +90,10 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length) # define TCP_ULP 31 # endif +# ifndef TLS_RX +# define TLS_RX 2 +# endif + /* * When successful, this socket option doesn't change the behaviour of the * TCP socket, except changing the TCP setsockopt handler to enable the diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 85cbe0a..66e0b96 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -152,13 +152,20 @@ extern "C" { * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 */ -# define BIO_CTRL_GET_KTLS_SEND 73 -# define BIO_CTRL_GET_KTLS_RECV 76 +# define BIO_CTRL_GET_KTLS_SEND 73 +# define BIO_CTRL_GET_KTLS_RECV 76 +# ifndef OPENSSL_NO_KTLS # define BIO_get_ktls_send(b) \ - BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) + (BIO_method_type(b) == BIO_TYPE_SOCKET \ + && BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL)) # define BIO_get_ktls_recv(b) \ - BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) + (BIO_method_type(b) == BIO_TYPE_SOCKET \ + && BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL)) +# else +# define BIO_get_ktls_send(b) (0) +# define BIO_get_ktls_recv(b) (0) +# endif /* modifiers */ # define BIO_FP_READ 0x02 diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 24694b3..f758f17 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -211,9 +211,9 @@ int ssl3_get_record(SSL *s) SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0, &n); if (rret <= 0) { +#ifndef OPENSSL_NO_KTLS if (!BIO_get_ktls_recv(s->rbio)) return rret; /* error or non-blocking */ -#ifndef OPENSSL_NO_KTLS switch (errno) { case EBADMSG: SSLfatal(s, SSL_AD_BAD_RECORD_MAC, @@ -233,8 +233,8 @@ int ssl3_get_record(SSL *s) default: break; } - return rret; #endif + return rret; } RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); From matt at openssl.org Thu Apr 25 12:20:16 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 25 Apr 2019 12:20:16 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1556194816.440203.1892.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via cea83f9f7825309379db3fea77f19edf0c5b1e13 (commit) from f937540ec40a5e838460b8f19d2eb722529126b8 (commit) - Log ----------------------------------------------------------------- commit cea83f9f7825309379db3fea77f19edf0c5b1e13 Author: Emilia Kasper Date: Fri Jun 3 14:42:04 2016 +0200 RT 4242: reject invalid EC point coordinates This is a backport of commit 1e2012b7 to 1.0.2. This hardening change was made to 1.1.0 but was not backported to 1.0.2. Recent CVEs in user applications have shown this additional hardening in 1.0.2 would be beneficial. E.g. see the patch for CVE-2019-9498 https://w1.fi/security/2019-4/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch and CVE-2019-9499 https://w1.fi/security/2019-4/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch The original commit had this description: We already test in EC_POINT_oct2point that points are on the curve. To be on the safe side, move this check to EC_POINT_set_affine_coordinates_* so as to also check point coordinates received through some other method. We do not check projective coordinates, though, as - it's unlikely that applications would be receiving this primarily internal representation from untrusted sources, and - it's possible that the projective setters are used in a setting where performance matters. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8750) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 10 +++--- crypto/ec/ec_lib.c | 20 +++++++++-- crypto/ec/ecp_oct.c | 10 +++--- crypto/ec/ectest.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 116 insertions(+), 20 deletions(-) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 6f2f7ca..b3e71c4 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -383,16 +383,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } } + /* + * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that + * the point is on the curve. + */ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; } - /* test required by X9.62 */ - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - ret = 1; err: diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index df56484..c01e0f0 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -872,7 +872,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) + return 0; + + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, + EC_R_POINT_IS_NOT_ON_CURVE); + return 0; + } + return 1; } #ifndef OPENSSL_NO_EC2M @@ -890,7 +898,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) + return 0; + + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, + EC_R_POINT_IS_NOT_ON_CURVE); + return 0; + } + return 1; } #endif diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 1bc3f39..941f0ec 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -408,16 +408,14 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } } + /* + * EC_POINT_set_affine_coordinates_GFp is responsible for checking that + * the point is on the curve. + */ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; } - /* test required by X9.62 */ - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - ret = 1; err: diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 5e1ef50..c3cdac1 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -325,7 +325,7 @@ static void prime_field_tests(void) EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z; + BIGNUM *x, *y, *z, *yplusone; unsigned char buf[100]; size_t i, len; int k; @@ -405,7 +405,8 @@ static void prime_field_tests(void) x = BN_new(); y = BN_new(); z = BN_new(); - if (!x || !y || !z) + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || yplusone == NULL) ABORT; if (!BN_hex2bn(&x, "D")) @@ -542,6 +543,14 @@ static void prime_field_tests(void) ABORT; if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; if (EC_POINT_is_on_curve(group, P, ctx) <= 0) @@ -613,6 +622,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 192) ABORT; @@ -668,6 +686,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 224) ABORT; @@ -728,6 +755,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 256) ABORT; @@ -783,6 +819,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 384) ABORT; @@ -844,6 +889,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 521) ABORT; @@ -858,6 +912,10 @@ static void prime_field_tests(void) /* more tests using the last curve */ + /* Restore the point that got mangled in the (x, y + 1) test. */ + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + if (!EC_POINT_copy(Q, P)) ABORT; if (EC_POINT_is_at_infinity(group, Q)) @@ -987,6 +1045,7 @@ static void prime_field_tests(void) BN_free(x); BN_free(y); BN_free(z); + BN_free(yplusone); if (P_160) EC_GROUP_free(P_160); @@ -1007,6 +1066,13 @@ static void prime_field_tests(void) # ifdef OPENSSL_EC_BIN_PT_COMP # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ @@ -1025,6 +1091,12 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ @@ -1062,7 +1134,7 @@ static void char2_field_tests(void) EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL; EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z, *cof; + BIGNUM *x, *y, *z, *cof, *yplusone; unsigned char buf[100]; size_t i, len; int k; @@ -1076,7 +1148,7 @@ static void char2_field_tests(void) p = BN_new(); a = BN_new(); b = BN_new(); - if (!p || !a || !b) + if (p == NULL || a == NULL || b == NULL) ABORT; if (!BN_hex2bn(&p, "13")) @@ -1142,7 +1214,8 @@ static void char2_field_tests(void) y = BN_new(); z = BN_new(); cof = BN_new(); - if (!x || !y || !z || !cof) + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL) ABORT; if (!BN_hex2bn(&x, "6")) @@ -1504,6 +1577,7 @@ static void char2_field_tests(void) BN_free(y); BN_free(z); BN_free(cof); + BN_free(yplusone); if (C2_K163) EC_GROUP_free(C2_K163); @@ -1672,7 +1746,7 @@ static const struct nistp_test_params nistp_tests_params[] = { static void nistp_single_test(const struct nistp_test_params *test) { BN_CTX *ctx; - BIGNUM *p, *a, *b, *x, *y, *n, *m, *order; + BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone; EC_GROUP *NISTP; EC_POINT *G, *P, *Q, *Q_CHECK; @@ -1687,6 +1761,7 @@ static void nistp_single_test(const struct nistp_test_params *test) m = BN_new(); n = BN_new(); order = BN_new(); + yplusone = BN_new(); NISTP = EC_GROUP_new(test->meth()); if (!NISTP) @@ -1709,6 +1784,14 @@ static void nistp_single_test(const struct nistp_test_params *test) ABORT; if (!BN_hex2bn(&y, test->Qy)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx)) + ABORT; if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT; if (!BN_hex2bn(&x, test->Gx)) @@ -1811,6 +1894,7 @@ static void nistp_single_test(const struct nistp_test_params *test) BN_free(x); BN_free(y); BN_free(order); + BN_free(yplusone); BN_CTX_free(ctx); } From builds at travis-ci.org Thu Apr 25 12:29:25 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 12:29:25 +0000 Subject: Still Failing: openssl/openssl#24910 (master - 3119ab3) In-Reply-To: Message-ID: <5cc1a824cb80e_43f99a326db2c1554f5@d306c77c-dbff-4b83-ad8c-fc8e4c28da8f.mail> Build Update for openssl/openssl ------------------------------------- Build: #24910 Status: Still Failing Duration: 21 mins and 22 secs Commit: 3119ab3 (master) Author: Matt Caswell Message: Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv() If we were using a different type of BIO than a socket BIO then BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong result. The above occurred even if KTLS was disabled at compile time - so we should additionally ensure that those macros do nothing if KTLS is disabled. Finally we make the logic in ssl3_get_record() a little more robust when KTLS has been disabled. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8793) View the changeset: https://github.com/openssl/openssl/compare/514c9da48b86...3119ab3c9e6d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524443240?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Apr 25 13:02:57 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 25 Apr 2019 13:02:57 +0000 Subject: [openssl] master update Message-ID: <1556197377.229774.13795.nullmailer@dev.openssl.org> The branch master has been updated via bb5b3e6dd0575a4fa96f5085228b716062c00502 (commit) from 3119ab3c9e6d211c461a245f3744893e17b6c193 (commit) - Log ----------------------------------------------------------------- commit bb5b3e6dd0575a4fa96f5085228b716062c00502 Author: Pauli Date: Wed Apr 24 11:24:11 2019 +1000 Statistically test BN_rand_range(). Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8818) ----------------------------------------------------------------------- Summary of changes: test/bntest.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/test/bntest.c b/test/bntest.c index 976dbf4..2043e43 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1954,6 +1954,73 @@ static int test_rand(void) return st; } +/* + * Run some statistical tests to provide a degree confidence that the + * BN_rand_range() function works as expected. The critical value + * is computed using the R statistical suite: + * + * qchisq(alpha, df=iterations - 1) + * + * where alpha is the significance level (0.95 is used here) and iterations + * is the number of samples being drawn. + */ +static const struct { + unsigned int range; + unsigned int iterations; + double critical; +} rand_range_cases[] = { + { 2, 100, 123.2252 /* = qchisq(.95, df=99) */ }, + { 12, 1000, 1073.643 /* = qchisq(.95, df=999) */ }, + { 1023, 100000, 100735.7 /* = qchisq(.95, df=99999) */ }, +}; + +static int test_rand_range(int n) +{ + const unsigned int range = rand_range_cases[n].range; + const unsigned int iterations = rand_range_cases[n].iterations; + const double critical = rand_range_cases[n].critical; + const double expected = iterations / (double)range; + double sum = 0; + BIGNUM *rng = NULL, *val = NULL; + size_t *counts; + unsigned int i, v; + int res = 0; + + if (!TEST_ptr(counts = OPENSSL_zalloc(sizeof(*counts) * range)) + || !TEST_ptr(rng = BN_new()) + || !TEST_ptr(val = BN_new()) + || !TEST_true(BN_set_word(rng, range))) + goto err; + for (i = 0; i < iterations; i++) { + if (!TEST_true(BN_rand_range(val, rng)) + || !TEST_uint_lt(v = (unsigned int)BN_get_word(val), range)) + goto err; + counts[v]++; + } + + TEST_note("range %u iterations %u critical %.4f", range, iterations, + critical); + if (range < 20) { + TEST_note("frequencies (expected %.2f)", expected); + for (i = 0; i < range; i++) + TEST_note(" %2u %6zu", i, counts[i]); + } + for (i = 0; i < range; i++) { + const double delta = counts[i] - expected; + sum += delta * delta; + } + sum /= expected; + TEST_note("test statistic %.4f", sum); + + if (TEST_double_lt(sum, critical)) + res = 1; +err: + BN_free(rng); + BN_free(val); + OPENSSL_free(counts); + return res; +} + static int test_negzero(void) { BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; @@ -2432,6 +2499,7 @@ int setup_tests(void) #endif ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes)); ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes)); + ADD_ALL_TESTS(test_rand_range, OSSL_NELEM(rand_range_cases)); } else { ADD_ALL_TESTS(run_file_tests, n); } From pauli at openssl.org Thu Apr 25 13:04:16 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 25 Apr 2019 13:04:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556197456.499218.14943.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4a71766793bbd54da8915619d497c1bfd8646256 (commit) from fc4c034ee823c18de34d72dc46da6aabbb6f551e (commit) - Log ----------------------------------------------------------------- commit 4a71766793bbd54da8915619d497c1bfd8646256 Author: Pauli Date: Wed Apr 24 11:24:11 2019 +1000 Statistically test BN_rand_range(). Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8818) (cherry picked from commit bb5b3e6dd0575a4fa96f5085228b716062c00502) ----------------------------------------------------------------------- Summary of changes: test/bntest.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/test/bntest.c b/test/bntest.c index c68d7f6..5c267bd 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1954,6 +1954,73 @@ static int test_rand(void) return st; } +/* + * Run some statistical tests to provide a degree confidence that the + * BN_rand_range() function works as expected. The critical value + * is computed using the R statistical suite: + * + * qchisq(alpha, df=iterations - 1) + * + * where alpha is the significance level (0.95 is used here) and iterations + * is the number of samples being drawn. + */ +static const struct { + unsigned int range; + unsigned int iterations; + double critical; +} rand_range_cases[] = { + { 2, 100, 123.2252 /* = qchisq(.95, df=99) */ }, + { 12, 1000, 1073.643 /* = qchisq(.95, df=999) */ }, + { 1023, 100000, 100735.7 /* = qchisq(.95, df=99999) */ }, +}; + +static int test_rand_range(int n) +{ + const unsigned int range = rand_range_cases[n].range; + const unsigned int iterations = rand_range_cases[n].iterations; + const double critical = rand_range_cases[n].critical; + const double expected = iterations / (double)range; + double sum = 0; + BIGNUM *rng = NULL, *val = NULL; + size_t *counts; + unsigned int i, v; + int res = 0; + + if (!TEST_ptr(counts = OPENSSL_zalloc(sizeof(*counts) * range)) + || !TEST_ptr(rng = BN_new()) + || !TEST_ptr(val = BN_new()) + || !TEST_true(BN_set_word(rng, range))) + goto err; + for (i = 0; i < iterations; i++) { + if (!TEST_true(BN_rand_range(val, rng)) + || !TEST_uint_lt(v = (unsigned int)BN_get_word(val), range)) + goto err; + counts[v]++; + } + + TEST_note("range %u iterations %u critical %.4f", range, iterations, + critical); + if (range < 20) { + TEST_note("frequencies (expected %.2f)", expected); + for (i = 0; i < range; i++) + TEST_note(" %2u %6zu", i, counts[i]); + } + for (i = 0; i < range; i++) { + const double delta = counts[i] - expected; + sum += delta * delta; + } + sum /= expected; + TEST_note("test statistic %.4f", sum); + + if (TEST_double_lt(sum, critical)) + res = 1; +err: + BN_free(rng); + BN_free(val); + OPENSSL_free(counts); + return res; +} + static int test_negzero(void) { BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; @@ -2421,6 +2488,7 @@ int setup_tests(void) #endif ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes)); ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes)); + ADD_ALL_TESTS(test_rand_range, OSSL_NELEM(rand_range_cases)); } else { ADD_ALL_TESTS(run_file_tests, n); } From builds at travis-ci.org Thu Apr 25 13:22:02 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 13:22:02 +0000 Subject: Still Failing: openssl/openssl#24915 (OpenSSL_1_1_1-stable - 4a71766) In-Reply-To: Message-ID: <5cc1b47a9ccaa_43fa9de1777a41020a2@b181588f-7288-4cb3-b979-b10df947e10c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24915 Status: Still Failing Duration: 12 mins and 49 secs Commit: 4a71766 (OpenSSL_1_1_1-stable) Author: Pauli Message: Statistically test BN_rand_range(). Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8818) (cherry picked from commit bb5b3e6dd0575a4fa96f5085228b716062c00502) View the changeset: https://github.com/openssl/openssl/compare/fc4c034ee823...4a71766793bb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524465724?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 25 13:22:28 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 13:22:28 +0000 Subject: Still Failing: openssl/openssl#24914 (master - bb5b3e6) In-Reply-To: Message-ID: <5cc1b49344e0b_43fde36ec38b81518f5@cde4cd41-5d62-4f2c-9f16-a57a1b7ed359.mail> Build Update for openssl/openssl ------------------------------------- Build: #24914 Status: Still Failing Duration: 18 mins and 47 secs Commit: bb5b3e6 (master) Author: Pauli Message: Statistically test BN_rand_range(). Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8818) View the changeset: https://github.com/openssl/openssl/compare/3119ab3c9e6d...bb5b3e6dd057 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524465173?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 25 15:50:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Apr 2019 15:50:03 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.24318 Message-ID: <20190425155003.1.98192720F42F7039@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 25 16:40:56 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Apr 2019 16:40:56 +0000 Subject: Build completed: openssl master.24319 Message-ID: <20190425164056.1.612AE24D05B7ECAA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Apr 25 20:44:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Apr 2019 20:44:58 +0000 Subject: Build failed: openssl master.24321 Message-ID: <20190425204458.1.B3B9CCE2B9266FE4@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Apr 25 21:07:46 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 25 Apr 2019 21:07:46 +0000 Subject: [openssl] master update Message-ID: <1556226466.356411.4513.nullmailer@dev.openssl.org> The branch master has been updated via 5ee08f45bcabc3cef0d7d7b2aa6ecad12ca4197b (commit) via 302aa3c26d9e716ed4a3fba453faafa7acadf22c (commit) via 3062468b0aa0eaa287e44689157d97774fd5817e (commit) via 11aad862850cb2e639756e7126216b6cf38af26b (commit) from bb5b3e6dd0575a4fa96f5085228b716062c00502 (commit) - Log ----------------------------------------------------------------- commit 5ee08f45bcabc3cef0d7d7b2aa6ecad12ca4197b Author: Patrick Steuer Date: Mon Mar 25 18:23:59 2019 +0100 s390x assembly pack: remove poly1305 dependency on non-base memnonics Signed-off-by: Patrick Steuer Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8181) commit 302aa3c26d9e716ed4a3fba453faafa7acadf22c Author: Patrick Steuer Date: Mon Mar 25 18:22:02 2019 +0100 s390x assembly pack: remove chacha20 dependency on non-base memnonics Signed-off-by: Patrick Steuer Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8181) commit 3062468b0aa0eaa287e44689157d97774fd5817e Author: Patrick Steuer Date: Mon Mar 25 18:20:27 2019 +0100 s390x assembly pack: update perlasm module Add non-base instructions which are used by the chacha20 and poly1305 modules. Signed-off-by: Patrick Steuer Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8181) commit 11aad862850cb2e639756e7126216b6cf38af26b Author: Patrick Steuer Date: Thu Feb 7 16:44:05 2019 +0100 s390x assembly pack: allow alignment hints for vector load/store z14 introduced alignment hints to help vector load/store performance. For its predecessors, alignment hint defaults to 0 (no alignment indicated). Signed-off-by: Patrick Steuer Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8181) ----------------------------------------------------------------------- Summary of changes: crypto/chacha/asm/chacha-s390x.pl | 2 +- crypto/perlasm/s390x.pm | 94 ++++++++++++++++++++++++++++++++--- crypto/poly1305/asm/poly1305-s390x.pl | 2 +- 3 files changed, 90 insertions(+), 8 deletions(-) diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl index 51efe64..1f22b26 100755 --- a/crypto/chacha/asm/chacha-s390x.pl +++ b/crypto/chacha/asm/chacha-s390x.pl @@ -40,7 +40,7 @@ use strict; use FindBin qw($Bin); use lib "$Bin/../.."; -use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); +use perlasm::s390x qw(:DEFAULT :VX :LD AUTOLOAD LABEL INCLUDE); my $flavour = shift; diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm index 5f3a49d..7fb55c7 100644 --- a/crypto/perlasm/s390x.pm +++ b/crypto/perlasm/s390x.pm @@ -6,23 +6,37 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -# Copyright IBM Corp. 2018 +# Copyright IBM Corp. 2018-2019 # Author: Patrick Steuer package perlasm::s390x; use strict; use warnings; +use bigint; use Carp qw(confess); use Exporter qw(import); our @EXPORT=qw(PERLASM_BEGIN PERLASM_END); our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle); our %EXPORT_TAGS=( + # long-displacement facility + LD => [qw(clgfi)], + # general-instruction-extension facility + GE => [qw(risbg)], + # extended-immediate facility + EI => [qw(lt)], + # miscellaneous-instruction-extensions facility 1 + MI1 => [qw(risbgn)], + # message-security assist MSA => [qw(kmac km kmc kimd klmd)], + # message-security-assist extension 4 MSA4 => [qw(kmf kmo pcc kmctr)], + # message-security-assist extension 5 MSA5 => [qw(ppno prno)], + # message-security-assist extension 8 MSA8 => [qw(kma)], + # vector facility VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh @@ -71,6 +85,7 @@ our %EXPORT_TAGS=( wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb vftci vftcidb wftcidb)], + # vector-enhancements facility 1 VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs @@ -83,10 +98,11 @@ our %EXPORT_TAGS=( wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)], + # vector-packed-decimal facility VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)], ); -Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD)); +Exporter::export_ok_tags(qw(LD GE EI MI1 MSA MSA4 MSA5 MSA8 VX VXE VXD)); our $AUTOLOAD; @@ -143,6 +159,28 @@ sub stfle { S(0xb2b0, at _); } +# MISC + +sub clgfi { + confess(err("ARGNUM")) if ($#_!=1); + RILa(0xc2e, at _); +} + +sub lt { + confess(err("ARGNUM")) if ($#_!=1); + RXYa(0xe312, at _); +} + +sub risbg { + confess(err("ARGNUM")) if ($#_<3||$#_>4); + RIEf(0xec55, at _); +} + +sub risbgn { + confess(err("ARGNUM")) if ($#_<3||$#_>4); + RIEf(0xec59, at _); +} + # MSA sub kmac { @@ -250,7 +288,7 @@ sub vgmg { } sub vl { - confess(err("ARGNUM")) if ($#_!=1); + confess(err("ARGNUM")) if ($#_<1||$#_>2); VRX(0xe706, at _); } @@ -345,7 +383,7 @@ sub vllezg { } sub vlm { - confess(err("ARGNUM")) if ($#_!=2); + confess(err("ARGNUM")) if ($#_<2||$#_>3); VRSa(0xe736, at _); } @@ -548,7 +586,7 @@ sub vsegf { } sub vst { - confess(err("ARGNUM")) if ($#_!=1); + confess(err("ARGNUM")) if ($#_<1||$#_>2); VRX(0xe70e, at _); } @@ -570,7 +608,7 @@ sub vsteg { } sub vstm { - confess(err("ARGNUM")) if ($#_!=2); + confess(err("ARGNUM")) if ($#_<2||$#_>3); VRSa(0xe73e, at _); } @@ -2486,6 +2524,36 @@ sub vupkz { # Instruction Formats # +sub RIEf { + confess(err("ARGNUM")) if ($#_<4||5<$#_); + my $ops=join(',', at _[1..$#_]); + my $memn=(caller(1))[3]; + $memn=~s/^.*:://; + my ($opcode,$r1,$r2,$i3,$i4,$i5)=(shift,get_R(shift),get_R(shift), + get_I(shift,8),get_I(shift,8), + get_I(shift,8)); + + $out.="\t.word\t"; + $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$r2)).","; + $out.=sprintf("%#06x",($i3<<8)|$i4).","; + $out.=sprintf("%#06x",($i5<<8)|($opcode&0xff)); + $out.="\t# $memn\t$ops\n" +} + +sub RILa { + confess(err("ARGNUM")) if ($#_!=2); + my $ops=join(',', at _[1..$#_]); + my $memn=(caller(1))[3]; + $memn=~s/^.*:://; + my ($opcode,$r1,$i2)=(shift,get_R(shift),get_I(shift,32)); + + $out.="\t.word\t"; + $out.=sprintf("%#06x",(($opcode>>4)<<8|$r1<<4|($opcode&0xf))).","; + $out.=sprintf("%#06x",($i2>>16)).","; + $out.=sprintf("%#06x",($i2&0xffff)); + $out.="\t# $memn\t$ops\n" +} + sub RRE { confess(err("ARGNUM")) if ($#_<0||2<$#_); my $ops=join(',', at _[1..$#_]); @@ -2510,6 +2578,20 @@ sub RRFb { $out.="\t# $memn\t$ops\n" } +sub RXYa { + confess(err("ARGNUM")) if ($#_!=2); + my $ops=join(',', at _[1..$#_]); + my $memn=(caller(1))[3]; + $memn=~s/^.*:://; + my ($opcode,$r1,$d2,$x2,$b2)=(shift,get_R(shift),get_DXB(shift)); + + $out.="\t.word\t"; + $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$x2)).","; + $out.=sprintf("%#06x",($b2<<12|($d2&0xfff))).","; + $out.=sprintf("%#06x",(($d2>>12)<<8|$opcode&0xff)); + $out.="\t# $memn\t$ops\n" +} + sub S { confess(err("ARGNUM")) if ($#_<0||1<$#_); my $ops=join(',', at _[1..$#_]); diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl index ea1c2d8..73efdd9 100755 --- a/crypto/poly1305/asm/poly1305-s390x.pl +++ b/crypto/poly1305/asm/poly1305-s390x.pl @@ -45,7 +45,7 @@ use strict; use FindBin qw($Bin); use lib "$Bin/../.."; -use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); +use perlasm::s390x qw(:DEFAULT :LD :GE :EI :MI1 :VX AUTOLOAD LABEL INCLUDE); my $flavour = shift; From no-reply at appveyor.com Thu Apr 25 21:33:13 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 25 Apr 2019 21:33:13 +0000 Subject: Build completed: openssl master.24322 Message-ID: <20190425213313.1.911C70E0B92CEFF7@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Apr 25 21:31:57 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 21:31:57 +0000 Subject: Still Failing: openssl/openssl#24920 (master - 5ee08f4) In-Reply-To: Message-ID: <5cc2274ca9722_43fdda5665220787b9@12f22daa-670a-4912-a074-473374c5763b.mail> Build Update for openssl/openssl ------------------------------------- Build: #24920 Status: Still Failing Duration: 23 mins and 28 secs Commit: 5ee08f4 (master) Author: Patrick Steuer Message: s390x assembly pack: remove poly1305 dependency on non-base memnonics Signed-off-by: Patrick Steuer Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8181) View the changeset: https://github.com/openssl/openssl/compare/bb5b3e6dd057...5ee08f45bcab View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524670370?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Apr 25 22:09:36 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 25 Apr 2019 22:09:36 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556230176.807005.17897.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 57aac8b59d413ba04eede6e206550cbd660f7324 (commit) from 4a71766793bbd54da8915619d497c1bfd8646256 (commit) - Log ----------------------------------------------------------------- commit 57aac8b59d413ba04eede6e206550cbd660f7324 Author: Pauli Date: Fri Apr 26 07:43:38 2019 +1000 Revert "Statistically test BN_rand_range()." The testutil support for doubles isn't present in 1.1.1. This reverts commit 4a71766793bbd54da8915619d497c1bfd8646256 from #8818. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8829) ----------------------------------------------------------------------- Summary of changes: test/bntest.c | 68 ----------------------------------------------------------- 1 file changed, 68 deletions(-) diff --git a/test/bntest.c b/test/bntest.c index 5c267bd..c68d7f6 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1954,73 +1954,6 @@ static int test_rand(void) return st; } -/* - * Run some statistical tests to provide a degree confidence that the - * BN_rand_range() function works as expected. The critical value - * is computed using the R statistical suite: - * - * qchisq(alpha, df=iterations - 1) - * - * where alpha is the significance level (0.95 is used here) and iterations - * is the number of samples being drawn. - */ -static const struct { - unsigned int range; - unsigned int iterations; - double critical; -} rand_range_cases[] = { - { 2, 100, 123.2252 /* = qchisq(.95, df=99) */ }, - { 12, 1000, 1073.643 /* = qchisq(.95, df=999) */ }, - { 1023, 100000, 100735.7 /* = qchisq(.95, df=99999) */ }, -}; - -static int test_rand_range(int n) -{ - const unsigned int range = rand_range_cases[n].range; - const unsigned int iterations = rand_range_cases[n].iterations; - const double critical = rand_range_cases[n].critical; - const double expected = iterations / (double)range; - double sum = 0; - BIGNUM *rng = NULL, *val = NULL; - size_t *counts; - unsigned int i, v; - int res = 0; - - if (!TEST_ptr(counts = OPENSSL_zalloc(sizeof(*counts) * range)) - || !TEST_ptr(rng = BN_new()) - || !TEST_ptr(val = BN_new()) - || !TEST_true(BN_set_word(rng, range))) - goto err; - for (i = 0; i < iterations; i++) { - if (!TEST_true(BN_rand_range(val, rng)) - || !TEST_uint_lt(v = (unsigned int)BN_get_word(val), range)) - goto err; - counts[v]++; - } - - TEST_note("range %u iterations %u critical %.4f", range, iterations, - critical); - if (range < 20) { - TEST_note("frequencies (expected %.2f)", expected); - for (i = 0; i < range; i++) - TEST_note(" %2u %6zu", i, counts[i]); - } - for (i = 0; i < range; i++) { - const double delta = counts[i] - expected; - sum += delta * delta; - } - sum /= expected; - TEST_note("test statistic %.4f", sum); - - if (TEST_double_lt(sum, critical)) - res = 1; -err: - BN_free(rng); - BN_free(val); - OPENSSL_free(counts); - return res; -} - static int test_negzero(void) { BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; @@ -2488,7 +2421,6 @@ int setup_tests(void) #endif ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes)); ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes)); - ADD_ALL_TESTS(test_rand_range, OSSL_NELEM(rand_range_cases)); } else { ADD_ALL_TESTS(run_file_tests, n); } From builds at travis-ci.org Thu Apr 25 22:30:01 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 25 Apr 2019 22:30:01 +0000 Subject: Still Failing: openssl/openssl#24922 (OpenSSL_1_1_1-stable - 57aac8b) In-Reply-To: Message-ID: <5cc234e8cc8a7_43fecffb9f560396749@144ac2e5-d6ab-45d5-bea4-21eed94df60c.mail> Build Update for openssl/openssl ------------------------------------- Build: #24922 Status: Still Failing Duration: 19 mins and 42 secs Commit: 57aac8b (OpenSSL_1_1_1-stable) Author: Pauli Message: Revert "Statistically test BN_rand_range()." The testutil support for doubles isn't present in 1.1.1. This reverts commit 4a71766793bbd54da8915619d497c1bfd8646256 from #8818. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/8829) View the changeset: https://github.com/openssl/openssl/compare/4a71766793bb...57aac8b59d41 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524694578?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Apr 26 05:52:41 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 26 Apr 2019 05:52:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1556257961.054429.15317.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 5ee08f45bc s390x assembly pack: remove poly1305 dependency on non-base memnonics 302aa3c26d s390x assembly pack: remove chacha20 dependency on non-base memnonics 3062468b0a s390x assembly pack: update perlasm module 11aad86285 s390x assembly pack: allow alignment hints for vector load/store bb5b3e6dd0 Statistically test BN_rand_range(). 3119ab3c9e Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv() 8450d0c784 Fix KTLS compilation error 514c9da48b Enforce a strict output length check in CRYPTO_ccm128_tag Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6920: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From davidben at google.com Fri Apr 26 15:09:19 2019 From: davidben at google.com (davidben at google.com) Date: Fri, 26 Apr 2019 15:09:19 +0000 Subject: [openssl] master update Message-ID: <1556291359.908385.8660.nullmailer@dev.openssl.org> The branch master has been updated via d7fcf1feac3b3b1bf1a162f632b1e7db4f075aed (commit) from 5ee08f45bcabc3cef0d7d7b2aa6ecad12ca4197b (commit) - Log ----------------------------------------------------------------- commit d7fcf1feac3b3b1bf1a162f632b1e7db4f075aed Author: David Benjamin Date: Mon Apr 15 22:36:40 2019 -0500 Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup. pkey_rsa_copy was missing a field. Test this by repeating the operation through an EVP_PKEY_CTX_dup copy in evp_test. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8759) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_pmeth.c | 1 + test/evp_test.c | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 8931d7e..3d3e971 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -89,6 +89,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) dctx->pad_mode = sctx->pad_mode; dctx->md = sctx->md; dctx->mgf1md = sctx->mgf1md; + dctx->saltlen = sctx->saltlen; if (sctx->oaep_label) { OPENSSL_free(dctx->oaep_label); dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); diff --git a/test/evp_test.c b/test/evp_test.c index cad580e..0563986 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1378,6 +1378,7 @@ static int pkey_test_run(EVP_TEST *t) PKEY_DATA *expected = t->data; unsigned char *got = NULL; size_t got_len; + EVP_PKEY_CTX *copy = NULL; if (expected->keyop(expected->ctx, NULL, &got_len, expected->input, expected->input_len) <= 0 @@ -1396,8 +1397,33 @@ static int pkey_test_run(EVP_TEST *t) goto err; t->err = NULL; + OPENSSL_free(got); + got = NULL; + + /* Repeat the test on a copy. */ + if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { + t->err = "INTERNAL_ERROR"; + goto err; + } + if (expected->keyop(copy, NULL, &got_len, expected->input, + expected->input_len) <= 0 + || !TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "KEYOP_LENGTH_ERROR"; + goto err; + } + if (expected->keyop(copy, got, &got_len, expected->input, + expected->input_len) <= 0) { + t->err = "KEYOP_ERROR"; + goto err; + } + if (!memory_err_compare(t, "KEYOP_MISMATCH", + expected->output, expected->output_len, + got, got_len)) + goto err; + err: OPENSSL_free(got); + EVP_PKEY_CTX_free(copy); return 1; } From builds at travis-ci.org Fri Apr 26 15:27:58 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 26 Apr 2019 15:27:58 +0000 Subject: Still Failing: openssl/openssl#24927 (master - d7fcf1f) In-Reply-To: Message-ID: <5cc3237e1f9a8_43fd942a5c27835479e@3408d21e-74c7-40dc-8580-43e4d6dd21fd.mail> Build Update for openssl/openssl ------------------------------------- Build: #24927 Status: Still Failing Duration: 18 mins and 1 sec Commit: d7fcf1f (master) Author: David Benjamin Message: Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup. pkey_rsa_copy was missing a field. Test this by repeating the operation through an EVP_PKEY_CTX_dup copy in evp_test. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8759) View the changeset: https://github.com/openssl/openssl/compare/5ee08f45bcab...d7fcf1feac3b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/524995939?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Apr 26 23:56:21 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 26 Apr 2019 23:56:21 +0000 Subject: Build failed: openssl master.24335 Message-ID: <20190426235621.1.D2C548AC199EFC44@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Apr 29 00:06:56 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 29 Apr 2019 00:06:56 +0000 Subject: Build failed: openssl master.24340 Message-ID: <20190429000656.1.54E870BB0491769E@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Apr 29 05:51:35 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 29 Apr 2019 05:51:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1556517095.299423.13563.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: d7fcf1feac Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup. Build log ended with (last 100 lines): /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:128: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:138: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:140: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:141: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:147: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:150: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:(.text+0x3a8): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:172: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:164: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:130: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:179: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:184: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o: In function `SHA256_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:191: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:200: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:194: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: undefined reference to `__afl_prev_loc' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6920: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Apr 29 07:28:24 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 29 Apr 2019 07:28:24 +0000 Subject: Build completed: openssl master.24341 Message-ID: <20190429072824.1.7DBDBD33A6F4885C@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Apr 29 16:31:00 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 29 Apr 2019 16:31:00 +0000 Subject: [openssl] master update Message-ID: <1556555460.567719.11188.nullmailer@dev.openssl.org> The branch master has been updated via 555cbb328ee2eaa9356cd23e2194c1600653c500 (commit) from d7fcf1feac3b3b1bf1a162f632b1e7db4f075aed (commit) - Log ----------------------------------------------------------------- commit 555cbb328ee2eaa9356cd23e2194c1600653c500 Author: Todd Short Date: Wed Dec 12 13:09:50 2018 -0500 Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the ssl3_state_st structure into ssl_st and fixup any references. This should be faster than going through an indirection and due to fewer allocations, but I'm not seeing any significant performance improvement; it seems to be within the margin of error in timing. Reviewed-by: Paul Yang Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7888) ----------------------------------------------------------------------- Summary of changes: ssl/d1_msg.c | 14 +- ssl/record/rec_layer_d1.c | 24 +-- ssl/record/rec_layer_s3.c | 28 ++-- ssl/record/ssl3_record.c | 24 +-- ssl/record/ssl3_record_tls13.c | 4 +- ssl/s3_enc.c | 88 +++++----- ssl/s3_lib.c | 156 +++++++++--------- ssl/s3_msg.c | 20 +-- ssl/ssl_cert.c | 4 +- ssl/ssl_lib.c | 97 +++++------ ssl/ssl_locl.h | 362 ++++++++++++++++++++--------------------- ssl/ssl_sess.c | 6 +- ssl/statem/extensions.c | 44 ++--- ssl/statem/extensions_clnt.c | 86 +++++----- ssl/statem/extensions_srvr.c | 108 ++++++------ ssl/statem/statem.c | 14 +- ssl/statem/statem_clnt.c | 164 +++++++++---------- ssl/statem/statem_dtls.c | 14 +- ssl/statem/statem_lib.c | 104 ++++++------ ssl/statem/statem_srvr.c | 156 +++++++++--------- ssl/t1_enc.c | 76 ++++----- ssl/t1_lib.c | 136 ++++++++-------- ssl/t1_trce.c | 2 +- ssl/tls13_enc.c | 16 +- test/tls13encryptiontest.c | 4 +- 25 files changed, 868 insertions(+), 883 deletions(-) diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index 257ee7e..0891d94 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -41,22 +41,22 @@ int dtls1_dispatch_alert(SSL *s) unsigned char *ptr = &buf[0]; size_t written; - s->s3->alert_dispatch = 0; + s->s3.alert_dispatch = 0; memset(buf, 0, sizeof(buf)); - *ptr++ = s->s3->send_alert[0]; - *ptr++ = s->s3->send_alert[1]; + *ptr++ = s->s3.send_alert[0]; + *ptr++ = s->s3.send_alert[1]; i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); if (i <= 0) { - s->s3->alert_dispatch = 1; + s->s3.alert_dispatch = 1; /* fprintf( stderr, "not done with alert\n" ); */ } else { - if (s->s3->send_alert[0] == SSL3_AL_FATAL) + if (s->s3.send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, + s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) @@ -65,7 +65,7 @@ int dtls1_dispatch_alert(SSL *s) cb = s->ctx->info_callback; if (cb != NULL) { - j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; + j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; cb(s, SSL_CB_WRITE_ALERT, j); } } diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index a4b03ce..821c9cc 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -374,10 +374,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; /*- - * s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. + * s->s3.rrec.type - is the type of record + * s->s3.rrec.data, - data + * s->s3.rrec.off, - offset into 'data' for next read + * s->s3.rrec.length, - number of bytes. */ rr = s->rlayer.rrec; @@ -442,8 +442,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* we now have a packet which can be read and processed */ - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ + if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, + * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { /* * We now have application data between CCS and Finished. Most likely @@ -574,7 +574,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (alert_level == SSL3_AL_WARNING) { - s->s3->warn_alert = alert_descr; + s->s3.warn_alert = alert_descr; SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; @@ -607,7 +607,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, char tmp[16]; s->rwstate = SSL_NOTHING; - s->s3->fatal_alert = alert_descr; + s->s3.fatal_alert = alert_descr; SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); @@ -761,10 +761,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * application data at this point (session renegotiation not yet * started), we will indulge it. */ - if (s->s3->in_read_app_data && - (s->s3->total_renegotiations != 0) && + if (s->s3.in_read_app_data && + (s->s3.total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { - s->s3->in_read_app_data = 2; + s->s3.in_read_app_data = 2; return -1; } else { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, @@ -818,7 +818,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, } /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) { + if (s->s3.alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) return i; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8b2320d..64e132a 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -172,7 +172,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. The packet will be in the sub-array of - * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If + * s->s3.rbuf.buf specified by s->packet and s->packet_length. (If * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus * s->packet_length bytes if extend == 1].) * if clearold == 1, move the packet to the start of the buffer; if @@ -288,7 +288,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, int ret; /* - * Now we have len+left bytes at the front of s->s3->rbuf.buf and + * Now we have len+left bytes at the front of s->s3.rbuf.buf and * need to read in more until we have len+n (up to len+max if * possible) */ @@ -461,7 +461,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, break; } - if (s->s3->alert_dispatch) { + if (s->s3.alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) { /* SSLfatal() already called if appropriate */ @@ -630,7 +630,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * next chunk of data should get another prepended empty fragment * in ciphersuites with known-IV weakness: */ - s->s3->empty_fragment_done = 0; + s->s3.empty_fragment_done = 0; if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) @@ -675,7 +675,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) { + if (s->s3.alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) { /* SSLfatal() already called if appropriate */ @@ -713,13 +713,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* * 'create_empty_fragment' is true only when this function calls itself */ - if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { + if (!clear && !create_empty_fragment && !s->s3.empty_fragment_done) { /* * countermeasure against known-IV weakness in CBC ciphersuites (see * http://www.openssl.org/~bodo/tls-cbc.txt) */ - if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { + if (s->s3.need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { /* * recursive function call with 'create_empty_fragment' set; this * prepares and buffers the data for an empty fragment (these @@ -744,7 +744,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } } - s->s3->empty_fragment_done = 1; + s->s3.empty_fragment_done = 1; } if (BIO_get_ktls_send(s->wbio)) { @@ -1148,7 +1148,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, return -1; } -/* if s->s3->wbuf.left != 0, we need to call this +/* if s->s3.wbuf.left != 0, we need to call this * * Return values are as per SSL_write() */ @@ -1385,8 +1385,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* we now have a packet which can be read and processed */ - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ + if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, + * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); @@ -1558,7 +1558,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_level == SSL3_AL_WARNING || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { - s->s3->warn_alert = alert_descr; + s->s3.warn_alert = alert_descr; SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; @@ -1583,7 +1583,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, char tmp[16]; s->rwstate = SSL_NOTHING; - s->s3->fatal_alert = alert_descr; + s->s3.fatal_alert = alert_descr; SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); @@ -1767,7 +1767,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * started), we will indulge it. */ if (ossl_statem_app_data_allowed(s)) { - s->s3->in_read_app_data = 2; + s->s3.in_read_app_data = 2; return -1; } else if (ossl_statem_skip_early_data(s)) { /* diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index f758f17..d32516e 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1224,11 +1224,11 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int t; if (sending) { - mac_sec = &(ssl->s3->write_mac_secret[0]); + mac_sec = &(ssl->s3.write_mac_secret[0]); seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); hash = ssl->write_hash; } else { - mac_sec = &(ssl->s3->read_mac_secret[0]); + mac_sec = &(ssl->s3.read_mac_secret[0]); seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); hash = ssl->read_hash; } @@ -1377,8 +1377,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) md, &md_size, header, rec->input, rec->length + md_size, rec->orig_len, - ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, 0) <= 0) { + ssl->s3.read_mac_secret, + ssl->s3.read_mac_secret_size, 0) <= 0) { EVP_MD_CTX_free(hmac); return 0; } @@ -1805,11 +1805,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) rr->off = 0; /*- * So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). + * ssl->s3.rrec.type is the type of record + * ssl->s3.rrec.length == number of bytes in record + * ssl->s3.rrec.off == offset to first valid byte + * ssl->s3.rrec.data == where to take bytes from, increment + * after use :-). */ /* we have pulled in a full packet so zero things */ @@ -1833,9 +1833,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes + * ssl->s3.rrec.type - is the type of record + * ssl->s3.rrec.data - data + * ssl->s3.rrec.length - number of bytes */ /* used only by dtls1_read_bytes */ int dtls1_get_record(SSL *s) diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 30e5ddd..b3bda1f 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -84,12 +84,12 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) * To get here we must have selected a ciphersuite - otherwise ctx would * be NULL */ - if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) { + if (!ossl_assert(s->s3.tmp.new_cipher != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); return -1; } - alg_enc = s->s3->tmp.new_cipher->algorithm_enc; + alg_enc = s->s3.tmp.new_cipher->algorithm_enc; } if (alg_enc & SSL_AESCCM) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 4d884f4..de4e678 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -51,8 +51,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) || !EVP_DigestUpdate(s1, buf, k) || !EVP_DigestUpdate(s1, s->session->master_key, s->session->master_key_length) - || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) - || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) + || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) + || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) || !EVP_DigestFinal_ex(s1, smd, NULL) || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) || !EVP_DigestUpdate(m5, s->session->master_key, @@ -101,8 +101,8 @@ int ssl3_change_cipher_state(SSL *s, int which) size_t n, i, j, k, cl; int reuse_dd = 0; - c = s->s3->tmp.new_sym_enc; - m = s->s3->tmp.new_hash; + c = s->s3.tmp.new_sym_enc; + m = s->s3.tmp.new_hash; /* m == NULL will lead to a crash later */ if (!ossl_assert(m != NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, @@ -110,10 +110,10 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; } #ifndef OPENSSL_NO_COMP - if (s->s3->tmp.new_compression == NULL) + if (s->s3.tmp.new_compression == NULL) comp = NULL; else - comp = s->s3->tmp.new_compression->method; + comp = s->s3.tmp.new_compression->method; #endif if (which & SSL3_CC_READ) { @@ -151,7 +151,7 @@ int ssl3_change_cipher_state(SSL *s, int which) } #endif RECORD_LAYER_reset_read_sequence(&s->rlayer); - mac_secret = &(s->s3->read_mac_secret[0]); + mac_secret = &(s->s3.read_mac_secret[0]); } else { s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; if (s->enc_write_ctx != NULL) { @@ -187,13 +187,13 @@ int ssl3_change_cipher_state(SSL *s, int which) } #endif RECORD_LAYER_reset_write_sequence(&s->rlayer); - mac_secret = &(s->s3->write_mac_secret[0]); + mac_secret = &(s->s3.write_mac_secret[0]); } if (reuse_dd) EVP_CIPHER_CTX_reset(dd); - p = s->s3->tmp.key_block; + p = s->s3.tmp.key_block; mdi = EVP_MD_size(m); if (mdi < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, @@ -222,7 +222,7 @@ int ssl3_change_cipher_state(SSL *s, int which) n += k; } - if (n > s->s3->tmp.key_block_length) { + if (n > s->s3.tmp.key_block_length) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; @@ -251,7 +251,7 @@ int ssl3_setup_key_block(SSL *s) int ret = 0; SSL_COMP *comp; - if (s->s3->tmp.key_block_length != 0) + if (s->s3.tmp.key_block_length != 0) return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { @@ -260,12 +260,12 @@ int ssl3_setup_key_block(SSL *s) return 0; } - s->s3->tmp.new_sym_enc = c; - s->s3->tmp.new_hash = hash; + s->s3.tmp.new_sym_enc = c; + s->s3.tmp.new_hash = hash; #ifdef OPENSSL_NO_COMP - s->s3->tmp.new_compression = NULL; + s->s3.tmp.new_compression = NULL; #else - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; #endif num = EVP_MD_size(hash); @@ -283,8 +283,8 @@ int ssl3_setup_key_block(SSL *s) return 0; } - s->s3->tmp.key_block_length = num; - s->s3->tmp.key_block = p; + s->s3.tmp.key_block_length = num; + s->s3.tmp.key_block = p; /* Calls SSLfatal() as required */ ret = ssl3_generate_key_block(s, p, num); @@ -294,15 +294,15 @@ int ssl3_setup_key_block(SSL *s) * enable vulnerability countermeasure for CBC ciphers with known-IV * problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - s->s3->need_empty_fragments = 1; + s->s3.need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) - s->s3->need_empty_fragments = 0; + s->s3.need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) - s->s3->need_empty_fragments = 0; + s->s3.need_empty_fragments = 0; #endif } } @@ -312,9 +312,9 @@ int ssl3_setup_key_block(SSL *s) void ssl3_cleanup_key_block(SSL *s) { - OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); - s->s3->tmp.key_block = NULL; - s->s3->tmp.key_block_length = 0; + OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); + s->s3.tmp.key_block = NULL; + s->s3.tmp.key_block_length = 0; } int ssl3_init_finished_mac(SSL *s) @@ -327,8 +327,8 @@ int ssl3_init_finished_mac(SSL *s) return 0; } ssl3_free_digest_list(s); - s->s3->handshake_buffer = buf; - (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); + s->s3.handshake_buffer = buf; + (void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE); return 1; } @@ -339,31 +339,31 @@ int ssl3_init_finished_mac(SSL *s) void ssl3_free_digest_list(SSL *s) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - EVP_MD_CTX_free(s->s3->handshake_dgst); - s->s3->handshake_dgst = NULL; + BIO_free(s->s3.handshake_buffer); + s->s3.handshake_buffer = NULL; + EVP_MD_CTX_free(s->s3.handshake_dgst); + s->s3.handshake_dgst = NULL; } int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) { int ret; - if (s->s3->handshake_dgst == NULL) { + if (s->s3.handshake_dgst == NULL) { /* Note: this writes to a memory BIO so a failure is a fatal error */ if (len > INT_MAX) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, SSL_R_OVERFLOW_ERROR); return 0; } - ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); + ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len); if (ret <= 0 || ret != (int)len) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, ERR_R_INTERNAL_ERROR); return 0; } } else { - ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len); if (!ret) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, ERR_R_INTERNAL_ERROR); @@ -379,32 +379,32 @@ int ssl3_digest_cached_records(SSL *s, int keep) long hdatalen; void *hdata; - if (s->s3->handshake_dgst == NULL) { - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (s->s3.handshake_dgst == NULL) { + hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (hdatalen <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); return 0; } - s->s3->handshake_dgst = EVP_MD_CTX_new(); - if (s->s3->handshake_dgst == NULL) { + s->s3.handshake_dgst = EVP_MD_CTX_new(); + if (s->s3.handshake_dgst == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); return 0; } md = ssl_handshake_md(s); - if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) - || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { + if (md == NULL || !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) + || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); return 0; } } if (keep == 0) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; + BIO_free(s->s3.handshake_buffer); + s->s3.handshake_buffer = NULL; } return 1; @@ -421,7 +421,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, return 0; } - if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { + if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, SSL_R_NO_REQUIRED_DIGEST); return 0; @@ -433,7 +433,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, ERR_R_MALLOC_FAILURE); return 0; } - if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { + if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); ret = 0; @@ -494,9 +494,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, || EVP_DigestUpdate(ctx, salt[i], strlen((const char *)salt[i])) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 - || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), + || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), + || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), SSL3_RANDOM_SIZE) <= 0 /* TODO(size_t) : convert me */ || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 330b9e3..4ed9894 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3292,11 +3292,6 @@ int ssl3_handshake_write(SSL *s) int ssl3_new(SSL *s) { - SSL3_STATE *s3; - - if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL) - goto err; - s->s3 = s3; #ifndef OPENSSL_NO_SRP if (!SSL_SRP_CTX_init(s)) @@ -3313,57 +3308,56 @@ int ssl3_new(SSL *s) void ssl3_free(SSL *s) { - if (s == NULL || s->s3 == NULL) + if (s == NULL) return; ssl3_cleanup_key_block(s); #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - EVP_PKEY_free(s->s3->peer_tmp); - s->s3->peer_tmp = NULL; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + EVP_PKEY_free(s->s3.peer_tmp); + s->s3.peer_tmp = NULL; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; #endif - OPENSSL_free(s->s3->tmp.ctype); - sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); - OPENSSL_free(s->s3->tmp.ciphers_raw); - OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); - OPENSSL_free(s->s3->tmp.peer_sigalgs); - OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); + OPENSSL_free(s->s3.tmp.ctype); + sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); + OPENSSL_free(s->s3.tmp.ciphers_raw); + OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); + OPENSSL_free(s->s3.tmp.peer_sigalgs); + OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); ssl3_free_digest_list(s); - OPENSSL_free(s->s3->alpn_selected); - OPENSSL_free(s->s3->alpn_proposed); + OPENSSL_free(s->s3.alpn_selected); + OPENSSL_free(s->s3.alpn_proposed); #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_clear_free(s->s3, sizeof(*s->s3)); - s->s3 = NULL; + memset(&s->s3, 0, sizeof(s->s3)); } int ssl3_clear(SSL *s) { ssl3_cleanup_key_block(s); - OPENSSL_free(s->s3->tmp.ctype); - sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); - OPENSSL_free(s->s3->tmp.ciphers_raw); - OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); - OPENSSL_free(s->s3->tmp.peer_sigalgs); - OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); + OPENSSL_free(s->s3.tmp.ctype); + sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); + OPENSSL_free(s->s3.tmp.ciphers_raw); + OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); + OPENSSL_free(s->s3.tmp.peer_sigalgs); + OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - EVP_PKEY_free(s->s3->tmp.pkey); - EVP_PKEY_free(s->s3->peer_tmp); + EVP_PKEY_free(s->s3.tmp.pkey); + EVP_PKEY_free(s->s3.peer_tmp); #endif /* !OPENSSL_NO_EC */ ssl3_free_digest_list(s); - OPENSSL_free(s->s3->alpn_selected); - OPENSSL_free(s->s3->alpn_proposed); + OPENSSL_free(s->s3.alpn_selected); + OPENSSL_free(s->s3.alpn_proposed); /* NULL/zero-out everything in the s3 struct */ - memset(s->s3, 0, sizeof(*s->s3)); + memset(&s->s3, 0, sizeof(s->s3)); if (!ssl_free_wbio_buffer(s)) return 0; @@ -3396,17 +3390,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CLIENT_CERT_REQUEST: break; case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret = s->s3->num_renegotiations; + ret = s->s3.num_renegotiations; break; case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret = s->s3->num_renegotiations; - s->s3->num_renegotiations = 0; + ret = s->s3.num_renegotiations; + s->s3.num_renegotiations = 0; break; case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret = s->s3->total_renegotiations; + ret = s->s3.total_renegotiations; break; case SSL_CTRL_GET_FLAGS: - ret = (int)(s->s3->flags); + ret = (int)(s->s3.flags); break; #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: @@ -3571,7 +3565,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) const SSL_CIPHER *cipher; if (!s->server) return 0; - cipher = s->s3->tmp.new_cipher; + cipher = s->s3.tmp.new_cipher; if (cipher == NULL) return 0; /* @@ -3580,9 +3574,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) */ if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) return 2; - if (s->s3->tmp.cert == NULL) + if (s->s3.tmp.cert == NULL) return 0; - s->cert->key = s->s3->tmp.cert; + s->cert->key = s->s3.tmp.cert; return 1; } return ssl_cert_set_current(s->cert, larg); @@ -3648,11 +3642,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CLIENT_CERT_TYPES: { const unsigned char **pctype = parg; - if (s->server || !s->s3->tmp.cert_req) + if (s->server || !s->s3.tmp.cert_req) return 0; if (pctype) - *pctype = s->s3->tmp.ctype; - return s->s3->tmp.ctype_len; + *pctype = s->s3.tmp.ctype; + return s->s3.tmp.ctype_len; } case SSL_CTRL_SET_CLIENT_CERT_TYPES: @@ -3670,24 +3664,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_cert_store(s->cert, parg, 1, larg); case SSL_CTRL_GET_PEER_SIGNATURE_NID: - if (s->s3->tmp.peer_sigalg == NULL) + if (s->s3.tmp.peer_sigalg == NULL) return 0; - *(int *)parg = s->s3->tmp.peer_sigalg->hash; + *(int *)parg = s->s3.tmp.peer_sigalg->hash; return 1; case SSL_CTRL_GET_SIGNATURE_NID: - if (s->s3->tmp.sigalg == NULL) + if (s->s3.tmp.sigalg == NULL) return 0; - *(int *)parg = s->s3->tmp.sigalg->hash; + *(int *)parg = s->s3.tmp.sigalg->hash; return 1; case SSL_CTRL_GET_PEER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->session == NULL || s->s3->peer_tmp == NULL) { + if (s->session == NULL || s->s3.peer_tmp == NULL) { return 0; } else { - EVP_PKEY_up_ref(s->s3->peer_tmp); - *(EVP_PKEY **)parg = s->s3->peer_tmp; + EVP_PKEY_up_ref(s->s3.peer_tmp); + *(EVP_PKEY **)parg = s->s3.peer_tmp; return 1; } #else @@ -3696,11 +3690,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->session == NULL || s->s3->tmp.pkey == NULL) { + if (s->session == NULL || s->s3.tmp.pkey == NULL) { return 0; } else { - EVP_PKEY_up_ref(s->s3->tmp.pkey); - *(EVP_PKEY **)parg = s->s3->tmp.pkey; + EVP_PKEY_up_ref(s->s3.tmp.pkey); + *(EVP_PKEY **)parg = s->s3.tmp.pkey; return 1; } #else @@ -4255,8 +4249,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, * key exchange scheme skip tests. */ if (!SSL_IS_TLS13(s)) { - mask_k = s->s3->tmp.mask_k; - mask_a = s->s3->tmp.mask_a; + mask_k = s->s3.tmp.mask_k; + mask_a = s->s3.tmp.mask_a; #ifndef OPENSSL_NO_SRP if (s->srp_ctx.srp_Mask & SSL_kSRP) { mask_k |= SSL_kSRP; @@ -4298,7 +4292,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; #if !defined(OPENSSL_NO_EC) if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) - && s->s3->is_probably_safari) { + && s->s3.is_probably_safari) { if (!ret) ret = sk_SSL_CIPHER_value(allow, ii); continue; @@ -4335,7 +4329,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) @@ -4411,11 +4405,11 @@ int ssl3_shutdown(SSL *s) ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * our shutdown alert has been sent now, and if it still needs to be - * written, s->s3->alert_dispatch will be true + * written, s->s3.alert_dispatch will be true */ - if (s->s3->alert_dispatch) + if (s->s3.alert_dispatch) return -1; /* return WANT_WRITE */ - } else if (s->s3->alert_dispatch) { + } else if (s->s3.alert_dispatch) { /* resend it if not sent */ ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { @@ -4438,7 +4432,7 @@ int ssl3_shutdown(SSL *s) } if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && - !s->s3->alert_dispatch) + !s->s3.alert_dispatch) return 1; else return 0; @@ -4447,7 +4441,7 @@ int ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); - if (s->s3->renegotiate) + if (s->s3.renegotiate) ssl3_renegotiate_check(s, 0); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, @@ -4460,13 +4454,13 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, int ret; clear_sys_error(); - if (s->s3->renegotiate) + if (s->s3.renegotiate) ssl3_renegotiate_check(s, 0); - s->s3->in_read_app_data = 1; + s->s3.in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, peek, readbytes); - if ((ret == -1) && (s->s3->in_read_app_data == 2)) { + if ((ret == -1) && (s->s3.in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes @@ -4480,7 +4474,7 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else - s->s3->in_read_app_data = 0; + s->s3.in_read_app_data = 0; return ret; } @@ -4500,7 +4494,7 @@ int ssl3_renegotiate(SSL *s) if (s->handshake_func == NULL) return 1; - s->s3->renegotiate = 1; + s->s3.renegotiate = 1; return 1; } @@ -4516,7 +4510,7 @@ int ssl3_renegotiate_check(SSL *s, int initok) { int ret = 0; - if (s->s3->renegotiate) { + if (s->s3.renegotiate) { if (!RECORD_LAYER_read_pending(&s->rlayer) && !RECORD_LAYER_write_pending(&s->rlayer) && (initok || !SSL_in_init(s))) { @@ -4526,9 +4520,9 @@ int ssl3_renegotiate_check(SSL *s, int initok) * state. */ ossl_statem_set_renegotiate(s); - s->s3->renegotiate = 0; - s->s3->num_renegotiations++; - s->s3->total_renegotiations++; + s->s3.renegotiate = 0; + s->s3.num_renegotiations++; + s->s3.total_renegotiations++; ret = 1; } } @@ -4544,13 +4538,13 @@ int ssl3_renegotiate_check(SSL *s, int initok) long ssl_get_algorithm2(SSL *s) { long alg2; - if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL) + if (s->s3.tmp.new_cipher == NULL) return -1; - alg2 = s->s3->tmp.new_cipher->algorithm2; + alg2 = s->s3.tmp.new_cipher->algorithm2; if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) { + } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) { if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384)) return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; } @@ -4600,13 +4594,13 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; int ret = 0; if (alg_k & SSL_PSK) { #ifndef OPENSSL_NO_PSK unsigned char *pskpms, *t; - size_t psklen = s->s3->tmp.psklen; + size_t psklen = s->s3.tmp.psklen; size_t pskpmslen; /* create PSK premaster_secret */ @@ -4627,10 +4621,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, memcpy(t, pms, pmslen); t += pmslen; s2n(psklen, t); - memcpy(t, s->s3->tmp.psk, psklen); + memcpy(t, s->s3.tmp.psk, psklen); - OPENSSL_clear_free(s->s3->tmp.psk, psklen); - s->s3->tmp.psk = NULL; + OPENSSL_clear_free(s->s3.tmp.psk, psklen); + s->s3.tmp.psk = NULL; if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,pskpms, pskpmslen, &s->session->master_key_length)) { @@ -4661,7 +4655,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_cleanse(pms, pmslen); } if (s->server == 0) - s->s3->tmp.pms = NULL; + s->s3.tmp.pms = NULL; return ret; } @@ -4829,8 +4823,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) } } else { /* Save premaster secret */ - s->s3->tmp.pms = pms; - s->s3->tmp.pmslen = pmslen; + s->s3.tmp.pms = pms; + s->s3.tmp.pmslen = pmslen; pms = NULL; rv = 1; } diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index fd75677..83778d3 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -18,14 +18,14 @@ int ssl3_do_change_cipher_spec(SSL *s) else i = SSL3_CHANGE_CIPHER_CLIENT_READ; - if (s->s3->tmp.key_block == NULL) { + if (s->s3.tmp.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); return 0; } - s->session->cipher = s->s3->tmp.new_cipher; + s->session->cipher = s->s3.tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return 0; @@ -56,9 +56,9 @@ int ssl3_send_alert(SSL *s, int level, int desc) if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session); - s->s3->alert_dispatch = 1; - s->s3->send_alert[0] = level; - s->s3->send_alert[1] = desc; + s->s3.alert_dispatch = 1; + s->s3.send_alert[0] = level; + s->s3.send_alert[1] = desc; if (!RECORD_LAYER_write_pending(&s->rlayer)) { /* data still being written out? */ return s->method->ssl_dispatch_alert(s); @@ -77,12 +77,12 @@ int ssl3_dispatch_alert(SSL *s) void (*cb) (const SSL *ssl, int type, int val) = NULL; size_t written; - s->s3->alert_dispatch = 0; + s->s3.alert_dispatch = 0; alertlen = 2; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, &written); if (i <= 0) { - s->s3->alert_dispatch = 1; + s->s3.alert_dispatch = 1; } else { /* * Alert sent to BIO - now flush. If the message does not get sent due @@ -91,7 +91,7 @@ int ssl3_dispatch_alert(SSL *s) (void)BIO_flush(s->wbio); if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, + s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) @@ -100,7 +100,7 @@ int ssl3_dispatch_alert(SSL *s) cb = s->ctx->info_callback; if (cb != NULL) { - j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; + j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; cb(s, SSL_CB_WRITE_ALERT, j); } } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 0d1d6da..04963f1 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -516,13 +516,13 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) { - return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; + return s->s3.tmp.peer_ca_names; } STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (!s->server) - return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; + return s->s3.tmp.peer_ca_names; return s->client_ca_names != NULL ? s->client_ca_names : s->ctx->client_ca_names; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 221653e..89a4100 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1421,12 +1421,10 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; - if (s->s3 != NULL) { - ret = s->s3->tmp.finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.finish_md, count); - } + ret = s->s3.tmp.finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3.tmp.finish_md, count); return ret; } @@ -1435,12 +1433,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret = 0; - if (s->s3 != NULL) { - ret = s->s3->tmp.peer_finish_md_len; - if (count > ret) - count = ret; - memcpy(buf, s->s3->tmp.peer_finish_md, count); - } + ret = s->s3.tmp.peer_finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3.tmp.peer_finish_md, count); return ret; } @@ -2277,10 +2273,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) RECORD_LAYER_set_read_ahead(&s->rlayer, 1); return 1; case SSL_CTRL_GET_RI_SUPPORT: - if (s->s3) - return s->s3->send_connection_binding; - else - return 0; + return s->s3.send_connection_binding; case SSL_CTRL_CERT_FLAGS: return (s->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: @@ -2288,10 +2281,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_RAW_CIPHERLIST: if (parg) { - if (s->s3->tmp.ciphers_raw == NULL) + if (s->s3.tmp.ciphers_raw == NULL) return 0; - *(unsigned char **)parg = s->s3->tmp.ciphers_raw; - return (int)s->s3->tmp.ciphers_rawlen; + *(unsigned char **)parg = s->s3.tmp.ciphers_raw; + return (int)s->s3.tmp.ciphers_rawlen; } else { return TLS_CIPHER_LEN; } @@ -2891,13 +2884,11 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = NULL; - if (ssl->s3) - *data = ssl->s3->alpn_selected; + *data = ssl->s3.alpn_selected; if (*data == NULL) *len = 0; else - *len = (unsigned int)ssl->s3->alpn_selected_len; + *len = (unsigned int)ssl->s3.alpn_selected_len; } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -3306,7 +3297,7 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) void ssl_set_masks(SSL *s) { CERT *c = s->cert; - uint32_t *pvalid = s->s3->tmp.valid_flags; + uint32_t *pvalid = s->s3.tmp.valid_flags; int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC @@ -3412,15 +3403,15 @@ void ssl_set_masks(SSL *s) mask_k |= SSL_kECDHEPSK; #endif - s->s3->tmp.mask_k = mask_k; - s->s3->tmp.mask_a = mask_a; + s->s3.tmp.mask_k = mask_k; + s->s3.tmp.mask_a = mask_a; } #ifndef OPENSSL_NO_EC int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) { + if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) { /* key usage, if present, must allow signing */ if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, @@ -3436,7 +3427,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length) { - CERT_PKEY *cpk = s->s3->tmp.cert; + CERT_PKEY *cpk = s->s3.tmp.cert; *serverinfo_length = 0; if (cpk == NULL || cpk->serverinfo == NULL) @@ -3628,7 +3619,7 @@ int SSL_get_error(const SSL *s, int i) return SSL_ERROR_WANT_CLIENT_HELLO_CB; if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_SYSCALL; @@ -3958,7 +3949,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) { - return s->s3->tmp.new_cipher; + return s->s3.tmp.new_cipher; } const COMP_METHOD *SSL_get_current_compression(const SSL *s) @@ -4176,20 +4167,20 @@ long SSL_get_verify_result(const SSL *ssl) size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) - return sizeof(ssl->s3->client_random); - if (outlen > sizeof(ssl->s3->client_random)) - outlen = sizeof(ssl->s3->client_random); - memcpy(out, ssl->s3->client_random, outlen); + return sizeof(ssl->s3.client_random); + if (outlen > sizeof(ssl->s3.client_random)) + outlen = sizeof(ssl->s3.client_random); + memcpy(out, ssl->s3.client_random, outlen); return outlen; } size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) - return sizeof(ssl->s3->server_random); - if (outlen > sizeof(ssl->s3->server_random)) - outlen = sizeof(ssl->s3->server_random); - memcpy(out, ssl->s3->server_random, outlen); + return sizeof(ssl->s3.server_random); + if (outlen > sizeof(ssl->s3.server_random)) + outlen = sizeof(ssl->s3.server_random); + memcpy(out, ssl->s3.server_random, outlen); return outlen; } @@ -4519,7 +4510,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen) { EVP_MD_CTX *ctx = NULL; - EVP_MD_CTX *hdgst = s->s3->handshake_dgst; + EVP_MD_CTX *hdgst = s->s3.handshake_dgst; int hashleni = EVP_MD_CTX_size(hdgst); int ret = 0; @@ -5295,7 +5286,7 @@ int ssl_log_secret(SSL *ssl, { return nss_keylog_int(label, ssl, - ssl->s3->client_random, + ssl->s3.client_random, SSL3_RANDOM_SIZE, secret, secret_len); @@ -5321,9 +5312,9 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) return 0; } - OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; - s->s3->tmp.ciphers_rawlen = 0; + OPENSSL_free(s->s3.tmp.ciphers_raw); + s->s3.tmp.ciphers_raw = NULL; + s->s3.tmp.ciphers_rawlen = 0; if (sslv2format) { size_t numciphers = PACKET_remaining(cipher_suites) / n; @@ -5339,13 +5330,13 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) * problem. */ raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); - s->s3->tmp.ciphers_raw = raw; + s->s3.tmp.ciphers_raw = raw; if (raw == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ERR_R_MALLOC_FAILURE); return 0; } - for (s->s3->tmp.ciphers_rawlen = 0; + for (s->s3.tmp.ciphers_rawlen = 0; PACKET_remaining(&sslv2ciphers) > 0; raw += TLS_CIPHER_LEN) { if (!PACKET_get_1(&sslv2ciphers, &leadbyte) @@ -5356,16 +5347,16 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_BAD_PACKET); - OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; - s->s3->tmp.ciphers_rawlen = 0; + OPENSSL_free(s->s3.tmp.ciphers_raw); + s->s3.tmp.ciphers_raw = NULL; + s->s3.tmp.ciphers_rawlen = 0; return 0; } if (leadbyte == 0) - s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; + s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; } - } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, - &s->s3->tmp.ciphers_rawlen)) { + } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, + &s->s3.tmp.ciphers_rawlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ERR_R_INTERNAL_ERROR); return 0; @@ -5558,9 +5549,9 @@ int SSL_stateless(SSL *s) ERR_clear_error(); - s->s3->flags |= TLS1_FLAGS_STATELESS; + s->s3.flags |= TLS1_FLAGS_STATELESS; ret = SSL_accept(s); - s->s3->flags &= ~TLS1_FLAGS_STATELESS; + s->s3.flags &= ~TLS1_FLAGS_STATELESS; if (ret > 0 && s->ext.cookieok) return 1; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a5df3cf..4a72864 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -334,8 +334,8 @@ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ || (s)->hello_retry_request == SSL_HRR_PENDING) -# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \ - || (s)->s3->tmp.peer_finish_md_len == 0) +# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ + || (s)->s3.tmp.peer_finish_md_len == 0) /* See if we need explicit IV */ # define SSL_USE_EXPLICIT_IV(s) \ @@ -374,8 +374,8 @@ # define GET_MAX_FRAGMENT_LENGTH(session) \ (512U << (session->ext.max_fragment_len_mode - 1)) -# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) -# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) +# define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) +# define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ # define SSL_PKEY_RSA 0 @@ -1081,6 +1081,8 @@ struct ssl_ctx_st { void *async_cb_arg; }; +typedef struct cert_pkey_st CERT_PKEY; + struct ssl_st { /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, @@ -1134,7 +1136,179 @@ struct ssl_st { * ssl3_get_message() */ size_t init_num; /* amount read/written */ size_t init_off; /* amount read/written */ - struct ssl3_state_st *s3; /* SSLv3 variables */ + + struct { + long flags; + size_t read_mac_secret_size; + unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; + size_t write_mac_secret_size; + unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + /* flags for countermeasure against known-IV weakness */ + int need_empty_fragments; + int empty_fragment_done; + /* used during startup, digest all incoming/outgoing packets */ + BIO *handshake_buffer; + /* + * When handshake digest is determined, buffer is hashed and + * freed and MD_CTX for the required digest is stored here. + */ + EVP_MD_CTX *handshake_dgst; + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. + */ + int change_cipher_spec; + int warn_alert; + int fatal_alert; + /* + * we allow one fatal and one warning alert to be outstanding, send close + * alert via the warning alert + */ + int alert_dispatch; + unsigned char send_alert[2]; + /* + * This flag is set when we should renegotiate ASAP, basically when there + * is no more data in the read or write buffers + */ + int renegotiate; + int total_renegotiations; + int num_renegotiations; + int in_read_app_data; + struct { + /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ + unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; + size_t finish_md_len; + unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; + size_t peer_finish_md_len; + size_t message_size; + int message_type; + /* used to hold the new cipher we are going to use */ + const SSL_CIPHER *new_cipher; +# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + EVP_PKEY *pkey; /* holds short lived DH/ECDH key */ +# endif + /* used for certificate requests */ + int cert_req; + /* Certificate types in certificate request message. */ + uint8_t *ctype; + size_t ctype_len; + /* Certificate authorities list peer sent */ + STACK_OF(X509_NAME) *peer_ca_names; + size_t key_block_length; + unsigned char *key_block; + const EVP_CIPHER *new_sym_enc; + const EVP_MD *new_hash; + int new_mac_pkey_type; + size_t new_mac_secret_size; +# ifndef OPENSSL_NO_COMP + const SSL_COMP *new_compression; +# else + char *new_compression; +# endif + int cert_request; + /* Raw values of the cipher list from a client */ + unsigned char *ciphers_raw; + size_t ciphers_rawlen; + /* Temporary storage for premaster secret */ + unsigned char *pms; + size_t pmslen; +# ifndef OPENSSL_NO_PSK + /* Temporary storage for PSK key */ + unsigned char *psk; + size_t psklen; +# endif + /* Signature algorithm we actually use */ + const struct sigalg_lookup_st *sigalg; + /* Pointer to certificate we use */ + CERT_PKEY *cert; + /* + * signature algorithms peer reports: e.g. supported signature + * algorithms extension for server or as part of a certificate + * request for client. + * Keep track of the algorithms for TLS and X.509 usage separately. + */ + uint16_t *peer_sigalgs; + uint16_t *peer_cert_sigalgs; + /* Size of above arrays */ + size_t peer_sigalgslen; + size_t peer_cert_sigalgslen; + /* Sigalg peer actually uses */ + const struct sigalg_lookup_st *peer_sigalg; + /* + * Set if corresponding CERT_PKEY can be used with current + * SSL session: e.g. appropriate curve, signature algorithms etc. + * If zero it can't be used at all. + */ + uint32_t valid_flags[SSL_PKEY_NUM]; + /* + * For servers the following masks are for the key and auth algorithms + * that are supported by the certs below. For clients they are masks of + * *disabled* algorithms based on the current session. + */ + uint32_t mask_k; + uint32_t mask_a; + /* + * The following are used by the client to see if a cipher is allowed or + * not. It contains the minimum and maximum version the client's using + * based on what it knows so far. + */ + int min_ver; + int max_ver; + } tmp; + + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + size_t previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + size_t previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* + * Set if we saw the Next Protocol Negotiation extension from our peer. + */ + int npn_seen; +# endif + + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ + + /* + * In a server these point to the selected ALPN protocol after the + * ClientHello has been processed. In a client these contain the protocol + * that the server selected once the ServerHello has been processed. + */ + unsigned char *alpn_selected; + size_t alpn_selected_len; + /* used by the server to know what options were proposed */ + unsigned char *alpn_proposed; + size_t alpn_proposed_len; + /* used by the client to know if it actually sent alpn */ + int alpn_sent; + +# ifndef OPENSSL_NO_EC + /* + * This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari on + * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. + */ + char is_probably_safari; +# endif /* !OPENSSL_NO_EC */ + + /* For clients: peer temporary key */ +# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + /* The group_id for the DH/ECDH key */ + uint16_t group_id; + EVP_PKEY *peer_tmp; +# endif + + } s3; + struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ void (*msg_callback) (int write_p, int version, int content_type, @@ -1520,8 +1694,6 @@ typedef struct tls_group_info_st { # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 -typedef struct cert_pkey_st CERT_PKEY; - /* * Structure containing table entry of certificate info corresponding to * CERT_PKEY entries @@ -1531,178 +1703,6 @@ typedef struct { uint32_t amask; /* authmask corresponding to key type */ } SSL_CERT_LOOKUP; -typedef struct ssl3_state_st { - long flags; - size_t read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - size_t write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - /* flags for countermeasure against known-IV weakness */ - int need_empty_fragments; - int empty_fragment_done; - /* used during startup, digest all incoming/outgoing packets */ - BIO *handshake_buffer; - /* - * When handshake digest is determined, buffer is hashed and - * freed and MD_CTX for the required digest is stored here. - */ - EVP_MD_CTX *handshake_dgst; - /* - * Set whenever an expected ChangeCipherSpec message is processed. - * Unset when the peer's Finished message is received. - * Unexpected ChangeCipherSpec messages trigger a fatal alert. - */ - int change_cipher_spec; - int warn_alert; - int fatal_alert; - /* - * we allow one fatal and one warning alert to be outstanding, send close - * alert via the warning alert - */ - int alert_dispatch; - unsigned char send_alert[2]; - /* - * This flag is set when we should renegotiate ASAP, basically when there - * is no more data in the read or write buffers - */ - int renegotiate; - int total_renegotiations; - int num_renegotiations; - int in_read_app_data; - struct { - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; - size_t finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; - size_t peer_finish_md_len; - size_t message_size; - int message_type; - /* used to hold the new cipher we are going to use */ - const SSL_CIPHER *new_cipher; -# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - EVP_PKEY *pkey; /* holds short lived DH/ECDH key */ -# endif - /* used for certificate requests */ - int cert_req; - /* Certificate types in certificate request message. */ - uint8_t *ctype; - size_t ctype_len; - /* Certificate authorities list peer sent */ - STACK_OF(X509_NAME) *peer_ca_names; - size_t key_block_length; - unsigned char *key_block; - const EVP_CIPHER *new_sym_enc; - const EVP_MD *new_hash; - int new_mac_pkey_type; - size_t new_mac_secret_size; -# ifndef OPENSSL_NO_COMP - const SSL_COMP *new_compression; -# else - char *new_compression; -# endif - int cert_request; - /* Raw values of the cipher list from a client */ - unsigned char *ciphers_raw; - size_t ciphers_rawlen; - /* Temporary storage for premaster secret */ - unsigned char *pms; - size_t pmslen; -# ifndef OPENSSL_NO_PSK - /* Temporary storage for PSK key */ - unsigned char *psk; - size_t psklen; -# endif - /* Signature algorithm we actually use */ - const SIGALG_LOOKUP *sigalg; - /* Pointer to certificate we use */ - CERT_PKEY *cert; - /* - * signature algorithms peer reports: e.g. supported signature - * algorithms extension for server or as part of a certificate - * request for client. - * Keep track of the algorithms for TLS and X.509 usage separately. - */ - uint16_t *peer_sigalgs; - uint16_t *peer_cert_sigalgs; - /* Size of above arrays */ - size_t peer_sigalgslen; - size_t peer_cert_sigalgslen; - /* Sigalg peer actually uses */ - const SIGALG_LOOKUP *peer_sigalg; - /* - * Set if corresponding CERT_PKEY can be used with current - * SSL session: e.g. appropriate curve, signature algorithms etc. - * If zero it can't be used at all. - */ - uint32_t valid_flags[SSL_PKEY_NUM]; - /* - * For servers the following masks are for the key and auth algorithms - * that are supported by the certs below. For clients they are masks of - * *disabled* algorithms based on the current session. - */ - uint32_t mask_k; - uint32_t mask_a; - /* - * The following are used by the client to see if a cipher is allowed or - * not. It contains the minimum and maximum version the client's using - * based on what it knows so far. - */ - int min_ver; - int max_ver; - } tmp; - - /* Connection binding to prevent renegotiation attacks */ - unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - size_t previous_client_finished_len; - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - size_t previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Set if we saw the Next Protocol Negotiation extension from our peer. - */ - int npn_seen; -# endif - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ - - /* - * In a server these point to the selected ALPN protocol after the - * ClientHello has been processed. In a client these contain the protocol - * that the server selected once the ServerHello has been processed. - */ - unsigned char *alpn_selected; - size_t alpn_selected_len; - /* used by the server to know what options were proposed */ - unsigned char *alpn_proposed; - size_t alpn_proposed_len; - /* used by the client to know if it actually sent alpn */ - int alpn_sent; - -# ifndef OPENSSL_NO_EC - /* - * This is set to true if we believe that this is a version of Safari - * running on OS X 10.6 or newer. We wish to know this because Safari on - * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. - */ - char is_probably_safari; -# endif /* !OPENSSL_NO_EC */ - - /* For clients: peer temporary key */ -# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - /* The group_id for the DH/ECDH key */ - uint16_t group_id; - EVP_PKEY *peer_tmp; -# endif - -} SSL3_STATE; - /* DTLS structures */ # ifndef OPENSSL_NO_SCTP @@ -2070,8 +2070,8 @@ typedef enum downgrade_en { #define TLSEXT_KEX_MODE_FLAG_KE 1 #define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 -#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \ - s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) +#define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && \ + s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) /* A dummy signature value not valid for TLSv1.2 signature algs */ #define TLSEXT_signature_rsa_pss 0x0101 diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index d04b4fa..508182a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -438,7 +438,7 @@ int ssl_get_new_session(SSL *s, int session) ss->verify_result = X509_V_OK; /* If client supports extended master secret set it in session */ - if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) ss->flags |= SSL_SESS_FLAG_EXTMS; return 1; @@ -620,13 +620,13 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) /* Check extended master secret extension consistency */ if (ret->flags & SSL_SESS_FLAG_EXTMS) { /* If old session includes extms, but new does not: abort handshake */ - if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION, SSL_R_INCONSISTENT_EXTMS); fatal = 1; goto err; } - } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { + } else if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { /* If new session includes extms, but old does not: do not resume */ goto err; } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index dcf2bfe..2e51aab 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1030,8 +1030,8 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) if (s->server) return 1; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; + alg_a = s->s3.tmp.new_cipher->algorithm_auth; /* * If we are client and using an elliptic curve cryptography cipher @@ -1092,7 +1092,7 @@ static int init_status_request(SSL *s, unsigned int context) #ifndef OPENSSL_NO_NEXTPROTONEG static int init_npn(SSL *s, unsigned int context) { - s->s3->npn_seen = 0; + s->s3.npn_seen = 0; return 1; } @@ -1100,13 +1100,13 @@ static int init_npn(SSL *s, unsigned int context) static int init_alpn(SSL *s, unsigned int context) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - s->s3->alpn_selected_len = 0; + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = NULL; + s->s3.alpn_selected_len = 0; if (s->server) { - OPENSSL_free(s->s3->alpn_proposed); - s->s3->alpn_proposed = NULL; - s->s3->alpn_proposed_len = 0; + OPENSSL_free(s->s3.alpn_proposed); + s->s3.alpn_proposed = NULL; + s->s3.alpn_proposed_len = 0; } return 1; } @@ -1134,8 +1134,8 @@ static int final_alpn(SSL *s, unsigned int context, int sent) static int init_sig_algs(SSL *s, unsigned int context) { /* Clear any signature algorithms extension received */ - OPENSSL_free(s->s3->tmp.peer_sigalgs); - s->s3->tmp.peer_sigalgs = NULL; + OPENSSL_free(s->s3.tmp.peer_sigalgs); + s->s3.tmp.peer_sigalgs = NULL; return 1; } @@ -1143,8 +1143,8 @@ static int init_sig_algs(SSL *s, unsigned int context) static int init_sig_algs_cert(SSL *s, unsigned int context) { /* Clear any signature algorithms extension received */ - OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); - s->s3->tmp.peer_cert_sigalgs = NULL; + OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); + s->s3.tmp.peer_cert_sigalgs = NULL; return 1; } @@ -1168,7 +1168,7 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; return 1; } @@ -1180,7 +1180,7 @@ static int final_ems(SSL *s, unsigned int context, int sent) * Check extended master secret extension is consistent with * original session. */ - if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) != + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, SSL_R_INCONSISTENT_EXTMS); @@ -1193,8 +1193,8 @@ static int final_ems(SSL *s, unsigned int context, int sent) static int init_certificate_authorities(SSL *s, unsigned int context) { - sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); - s->s3->tmp.peer_ca_names = NULL; + sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); + s->s3.tmp.peer_ca_names = NULL; return 1; } @@ -1331,9 +1331,9 @@ static int final_key_share(SSL *s, unsigned int context, int sent) * send a HelloRetryRequest */ if (s->server) { - if (s->s3->peer_tmp != NULL) { + if (s->s3.peer_tmp != NULL) { /* We have a suitable key_share */ - if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 + if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* @@ -1377,7 +1377,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) if (i < num_groups) { /* A shared group exists so send a HelloRetryRequest */ - s->s3->group_id = group_id; + s->s3.group_id = group_id; s->hello_retry_request = SSL_HRR_PENDING; return 1; } @@ -1391,7 +1391,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) return 0; } - if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 + if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* @@ -1539,7 +1539,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, void *hdata; hdatalen = hdatalen_l = - BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH); diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 9d7a4f8..979954f 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -22,8 +22,8 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, ERR_R_INTERNAL_ERROR); @@ -387,7 +387,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - s->s3->alpn_sent = 0; + s->s3.alpn_sent = 0; if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) return EXT_RETURN_NOT_SENT; @@ -402,7 +402,7 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } - s->s3->alpn_sent = 1; + s->s3.alpn_sent = 1; return EXT_RETURN_SENT; } @@ -591,7 +591,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) EVP_PKEY *key_share_key = NULL; size_t encodedlen; - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_INTERNAL_ERROR); @@ -600,7 +600,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* * Could happen if we got an HRR that wasn't requesting a new key_share */ - key_share_key = s->s3->tmp.pkey; + key_share_key = s->s3.tmp.pkey; } else { key_share_key = ssl_generate_pkey_group(s, curve_id); if (key_share_key == NULL) { @@ -630,13 +630,13 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) * going to need to be able to save more than one EVP_PKEY. For now * we reuse the existing tmp.pkey */ - s->s3->tmp.pkey = key_share_key; - s->s3->group_id = curve_id; + s->s3.tmp.pkey = key_share_key; + s->s3.group_id = curve_id; OPENSSL_free(encoded_point); return 1; err: - if (s->s3->tmp.pkey == NULL) + if (s->s3.tmp.pkey == NULL) EVP_PKEY_free(key_share_key); OPENSSL_free(encoded_point); return 0; @@ -669,8 +669,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, * TODO(TLS1.3): Make the number of key_shares sent configurable. For * now, just send one */ - if (s->s3->group_id != 0) { - curve_id = s->s3->group_id; + if (s->s3.group_id != 0) { + curve_id = s->s3.group_id; } else { for (i = 0; i < num_groups; i++) { @@ -1224,16 +1224,16 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - size_t expected_len = s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len; + size_t expected_len = s->s3.previous_client_finished_len + + s->s3.previous_server_finished_len; size_t ilen; const unsigned char *data; /* Check for logic errors */ if (!ossl_assert(expected_len == 0 - || s->s3->previous_client_finished_len != 0) + || s->s3.previous_client_finished_len != 0) || !ossl_assert(expected_len == 0 - || s->s3->previous_server_finished_len != 0)) { + || s->s3.previous_server_finished_len != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, ERR_R_INTERNAL_ERROR); return 0; @@ -1260,22 +1260,22 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, return 0; } - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) - || memcmp(data, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) != 0) { + if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) + || memcmp(data, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) - || memcmp(data, s->s3->previous_server_finished, - s->s3->previous_server_finished_len) != 0) { + if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) + || memcmp(data, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - s->s3->send_connection_binding = 1; + s->s3.send_connection_binding = 1; return 1; } @@ -1602,7 +1602,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, memcpy(s->ext.npn, selected, selected_len); s->ext.npn_len = selected_len; - s->s3->npn_seen = 1; + s->s3.npn_seen = 1; return 1; } @@ -1614,7 +1614,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t len; /* We must have requested it. */ - if (!s->s3->alpn_sent) { + if (!s->s3.alpn_sent) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN, SSL_R_BAD_EXTENSION); return 0; @@ -1632,23 +1632,23 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_R_BAD_EXTENSION); return 0; } - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_malloc(len); - if (s->s3->alpn_selected == NULL) { + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = OPENSSL_malloc(len); + if (s->s3.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) { + if (!PACKET_copy_bytes(pkt, s->s3.alpn_selected, len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, SSL_R_BAD_EXTENSION); return 0; } - s->s3->alpn_selected_len = len; + s->s3.alpn_selected_len = len; if (s->session->ext.alpn_selected == NULL || s->session->ext.alpn_selected_len != len - || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len) + || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) != 0) { /* ALPN not consistent with the old session so cannot use early_data */ s->ext.early_data_ok = 0; @@ -1664,13 +1664,13 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + s->session->ext.alpn_selected_len = s->s3.alpn_selected_len; } return 1; @@ -1733,8 +1733,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) - && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) + && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4) s->ext.use_etm = 1; return 1; @@ -1745,7 +1745,7 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; - s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; @@ -1792,10 +1792,10 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; PACKET encoded_pt; - EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL; + EVP_PKEY *ckey = s->s3.tmp.pkey, *skey = NULL; /* Sanity check */ - if (ckey == NULL || s->s3->peer_tmp != NULL) { + if (ckey == NULL || s->s3.peer_tmp != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); return 0; @@ -1821,7 +1821,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * It is an error if the HelloRetryRequest wants a key_share that we * already sent in the first ClientHello */ - if (group_id == s->s3->group_id) { + if (group_id == s->s3.group_id) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); return 0; @@ -1840,13 +1840,13 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - s->s3->group_id = group_id; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + s->s3.group_id = group_id; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; return 1; } - if (group_id != s->s3->group_id) { + if (group_id != s->s3.group_id) { /* * This isn't for the group that we sent in the original * key_share! @@ -1882,7 +1882,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, EVP_PKEY_free(skey); return 0; } - s->s3->peer_tmp = skey; + s->s3.peer_tmp = skey; #endif return 1; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 7b1c5c9..d107af3 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -53,20 +53,20 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, } /* Check that the extension matches */ - if (ilen != s->s3->previous_client_finished_len) { + if (ilen != s->s3.previous_client_finished_len) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - if (memcmp(data, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { + if (memcmp(data, s->s3.previous_client_finished, + s->s3.previous_client_finished_len)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - s->s3->send_connection_binding = 1; + s->s3.send_connection_binding = 1; return 1; } @@ -446,7 +446,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * renegotiation. */ if (SSL_IS_FIRST_HANDSHAKE(s)) - s->s3->npn_seen = 1; + s->s3.npn_seen = 1; return 1; } @@ -482,11 +482,11 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } } while (PACKET_remaining(&protocol_list) != 0); - OPENSSL_free(s->s3->alpn_proposed); - s->s3->alpn_proposed = NULL; - s->s3->alpn_proposed_len = 0; + OPENSSL_free(s->s3.alpn_proposed); + s->s3.alpn_proposed = NULL; + s->s3.alpn_proposed_len = 0; if (!PACKET_memdup(&save_protocol_list, - &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { + &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -621,7 +621,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; /* Sanity check */ - if (s->s3->peer_tmp != NULL) { + if (s->s3.peer_tmp != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR); return 0; @@ -648,7 +648,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) { + if (s->s3.group_id != 0 && PACKET_remaining(&key_share_list) == 0) { /* * If we set a group_id already, then we must have sent an HRR * requesting a new key_share. If we haven't got one then that is an @@ -679,8 +679,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * If we sent an HRR then the key_share sent back MUST be for the group * we requested, and must be the only key_share sent. */ - if (s->s3->group_id != 0 - && (group_id != s->s3->group_id + if (s->s3.group_id != 0 + && (group_id != s->s3.group_id || PACKET_remaining(&key_share_list) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE); @@ -700,15 +700,15 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, continue; } - if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) { + if ((s->s3.peer_tmp = ssl_generate_param_group(group_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - s->s3->group_id = group_id; + s->s3.group_id = group_id; - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, + if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, @@ -740,7 +740,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore any cookie if we're not set up to verify it */ if (s->ctx->verify_stateless_cookie_cb == NULL - || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return 1; if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { @@ -833,8 +833,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_R_LENGTH_MISMATCH); return 0; } - if (group_id != s->s3->group_id - || s->s3->tmp.new_cipher + if (group_id != s->s3.group_id + || s->s3.tmp.new_cipher != ssl_get_cipher_by_char(s, ciphdata, 0)) { /* * We chose a different cipher or group id this time around to what is @@ -886,7 +886,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, s->tmp_session_id_len) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt, + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, &ciphlen) || !WPACKET_put_bytes_u8(&hrrpkt, 0) || !WPACKET_start_sub_packet_u16(&hrrpkt)) { @@ -907,7 +907,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (key_share) { if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id) + || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, @@ -992,7 +992,7 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; - s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; return 1; } @@ -1234,7 +1234,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } md = ssl_md(sess->cipher->algorithm2); - if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) { + if (md != ssl_md(s->s3.tmp.new_cipher->algorithm2)) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; @@ -1308,17 +1308,17 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if (!s->s3->send_connection_binding) + if (!s->s3.send_connection_binding) return EXT_RETURN_NOT_SENT; /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_memcpy(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) - || !WPACKET_memcpy(pkt, s->s3->previous_server_finished, - s->s3->previous_server_finished_len) + || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) || !WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, @@ -1376,8 +1376,8 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; + unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; + unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && (s->session->ext.ecpointformats != NULL); const unsigned char *plist; @@ -1408,8 +1408,8 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, const uint16_t *groups; size_t numgroups, i, first = 1; - /* s->s3->group_id is non zero if we accepted a key_share */ - if (s->s3->group_id == 0) + /* s->s3.group_id is non zero if we accepted a key_share */ + if (s->s3.group_id == 0) return EXT_RETURN_NOT_SENT; /* Get our list of supported groups */ @@ -1430,7 +1430,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, * Check if the client is already using our preferred group. If * so we don't need to add this extension */ - if (s->s3->group_id == group) + if (s->s3.group_id == group) return EXT_RETURN_NOT_SENT; /* Add extension header */ @@ -1530,9 +1530,9 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, const unsigned char *npa; unsigned int npalen; int ret; - int npn_seen = s->s3->npn_seen; + int npn_seen = s->s3.npn_seen; - s->s3->npn_seen = 0; + s->s3.npn_seen = 0; if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) return EXT_RETURN_NOT_SENT; @@ -1546,7 +1546,7 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } - s->s3->npn_seen = 1; + s->s3.npn_seen = 1; } return EXT_RETURN_SENT; @@ -1556,15 +1556,15 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if (s->s3->alpn_selected == NULL) + if (s->s3.alpn_selected == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_application_layer_protocol_negotiation) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected, - s->s3->alpn_selected_len) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, + s->s3.alpn_selected_len) || !WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -1608,10 +1608,10 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, * Don't use encrypt_then_mac if AEAD or RC4 might want to disable * for other cases too. */ - if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD - || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 - || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT - || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) { + if (s->s3.tmp.new_cipher->algorithm_mac == SSL_AEAD + || s->s3.tmp.new_cipher->algorithm_enc == SSL_RC4 + || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT + || s->s3.tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) { s->ext.use_etm = 0; return EXT_RETURN_NOT_SENT; } @@ -1629,7 +1629,7 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) + if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) @@ -1673,7 +1673,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_TLS1_3 unsigned char *encodedPoint; size_t encoded_pt_len = 0; - EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL; + EVP_PKEY *ckey = s->s3.peer_tmp, *skey = NULL; if (s->hello_retry_request == SSL_HRR_PENDING) { if (ckey != NULL) { @@ -1682,7 +1682,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3->group_id) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, @@ -1705,7 +1705,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) { + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -1738,7 +1738,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, OPENSSL_free(encodedPoint); /* This causes the crypto state to be updated based on the derived keys */ - s->s3->tmp.pkey = skey; + s->s3.tmp.pkey = skey; if (ssl_derive(s, skey, ckey, 1) == 0) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; @@ -1760,7 +1760,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EVP_PKEY *pkey; int ret = EXT_RETURN_FAIL; - if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return EXT_RETURN_NOT_SENT; if (s->ctx->gen_stateless_cookie_cb == NULL) { @@ -1776,11 +1776,11 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) - || !WPACKET_put_bytes_u16(pkt, s->s3->group_id) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &ciphlen) /* Is there a key_share extension present in this HRR? */ - || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL) + || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { @@ -1895,8 +1895,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 }; - if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80 - && (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81) + if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 + && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) return EXT_RETURN_NOT_SENT; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 24c7e94..a35573c 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -319,7 +319,7 @@ static int state_machine(SSL *s, int server) * If we are stateless then we already called SSL_clear() - don't do * it again and clear the STATELESS flag itself. */ - if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) + if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) return -1; } #ifndef OPENSSL_NO_SCTP @@ -399,7 +399,7 @@ static int state_machine(SSL *s, int server) /* * Should have been reset by tls_process_finished, too. */ - s->s3->change_cipher_spec = 0; + s->s3.change_cipher_spec = 0; /* * Ok, we now need to push on a buffering BIO ...but not with @@ -598,7 +598,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) if (!transition(s, mt)) return SUB_STATE_ERROR; - if (s->s3->tmp.message_size > max_message_size(s)) { + if (s->s3.tmp.message_size > max_message_size(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE, SSL_R_EXCESSIVE_MESSAGE_SIZE); return SUB_STATE_ERROR; @@ -606,8 +606,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* dtls_get_message already did this */ if (!SSL_IS_DTLS(s) - && s->s3->tmp.message_size > 0 - && !grow_init_buf(s, s->s3->tmp.message_size + && s->s3.tmp.message_size > 0 + && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE, ERR_R_BUF_LIB); @@ -923,7 +923,7 @@ int ossl_statem_app_data_allowed(SSL *s) if (st->state == MSG_FLOW_UNINITED) return 0; - if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0)) + if (!s->s3.in_read_app_data || (s->s3.total_renegotiations == 0)) return 0; if (s->server) { @@ -952,7 +952,7 @@ int ossl_statem_app_data_allowed(SSL *s) */ int ossl_statem_export_allowed(SSL *s) { - return s->s3->previous_server_finished_len != 0 + return s->s3.previous_server_finished_len != 0 && s->statem.hand_state != TLS_ST_SW_FINISHED; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 356dc89..1be7c57 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -44,8 +44,8 @@ static ossl_inline int cert_req_allowed(SSL *s) { /* TLS does not like anon-DH with client cert */ if ((s->version > SSL3_VERSION - && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) - || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) + && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) + || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) return 0; return 1; @@ -60,7 +60,7 @@ static ossl_inline int cert_req_allowed(SSL *s) */ static int key_exchange_expected(SSL *s) { - long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* * Can't skip server key exchange if this is an ephemeral @@ -272,7 +272,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) s->hit = 1; st->hand_state = TLS_ST_CR_CHANGE; return 1; - } else if (!(s->s3->tmp.new_cipher->algorithm_auth + } else if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_CR_CERT; @@ -282,7 +282,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) ske_expected = key_exchange_expected(s); /* SKE is optional for some PSK ciphersuites */ if (ske_expected - || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) + || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { st->hand_state = TLS_ST_CR_KEY_EXCH; @@ -314,7 +314,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) case TLS_ST_CR_CERT_STATUS: ske_expected = key_exchange_expected(s); /* SKE is optional for some PSK ciphersuites */ - if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) + if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { st->hand_state = TLS_ST_CR_KEY_EXCH; @@ -446,7 +446,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) && s->hello_retry_request == SSL_HRR_NONE) st->hand_state = TLS_ST_CW_CHANGE; else - st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT + st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; @@ -459,13 +459,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) case TLS_ST_CW_END_OF_EARLY_DATA: case TLS_ST_CW_CHANGE: - st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT + st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CERT: /* If a non-empty Certificate we also send CertificateVerify */ - st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY + st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; @@ -574,7 +574,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_CR_SRVR_DONE: - if (s->s3->tmp.cert_req) + if (s->s3.tmp.cert_req) st->hand_state = TLS_ST_CW_CERT; else st->hand_state = TLS_ST_CW_KEY_EXCH; @@ -595,12 +595,12 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * need to skip the certificate verify message when client's * ECDH public key is sent inside the client certificate. */ - if (s->s3->tmp.cert_req == 1) { + if (s->s3.tmp.cert_req == 1) { st->hand_state = TLS_ST_CW_CERT_VRFY; } else { st->hand_state = TLS_ST_CW_CHANGE; } - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { + if (s->s3.flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { st->hand_state = TLS_ST_CW_CHANGE; } return WRITE_TRAN_CONTINUE; @@ -618,7 +618,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) #if defined(OPENSSL_NO_NEXTPROTONEG) st->hand_state = TLS_ST_CW_FINISHED; #else - if (!SSL_IS_DTLS(s) && s->s3->npn_seen) + if (!SSL_IS_DTLS(s) && s->s3.npn_seen) st->hand_state = TLS_ST_CW_NEXT_PROTO; else st->hand_state = TLS_ST_CW_FINISHED; @@ -803,14 +803,14 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) return WORK_ERROR; break; } - s->session->cipher = s->s3->tmp.new_cipher; + s->session->cipher = s->s3.tmp.new_cipher; #ifdef OPENSSL_NO_COMP s->session->compress_meth = 0; #else - if (s->s3->tmp.new_compression == NULL) + if (s->s3.tmp.new_compression == NULL) s->session->compress_meth = 0; else - s->session->compress_meth = s->s3->tmp.new_compression->id; + s->session->compress_meth = s->s3.tmp.new_compression->id; #endif if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ @@ -1132,7 +1132,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } /* else use the pre-loaded session */ - p = s->s3->client_random; + p = s->s3.client_random; /* * for DTLS if client_random is initialized, reuse it, we are @@ -1141,7 +1141,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) if (SSL_IS_DTLS(s)) { size_t idx; i = 1; - for (idx = 0; idx < sizeof(s->s3->client_random); idx++) { + for (idx = 0; idx < sizeof(s->s3.client_random); idx++) { if (p[idx]) { i = 0; break; @@ -1151,7 +1151,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) i = (s->hello_retry_request == SSL_HRR_NONE); } - if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random), + if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), DOWNGRADE_NONE) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); @@ -1192,7 +1192,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) * supported_versions extension for the real supported versions. */ if (!WPACKET_put_bytes_u16(pkt, s->client_version) - || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) { + || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return 0; @@ -1270,7 +1270,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s) && s->ctx->comp_methods - && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) { + && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) { int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); @@ -1360,8 +1360,8 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) return 0; } - if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL - && s->s3->tmp.new_cipher->id != c->id) { + if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL + && s->s3.tmp.new_cipher->id != c->id) { /* ServerHello selected a different ciphersuite to that in the HRR */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, SSL_R_WRONG_CIPHER_RETURNED); @@ -1398,7 +1398,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) return 0; } } - s->s3->tmp.new_cipher = c; + s->s3.tmp.new_cipher = c; return 1; } @@ -1436,7 +1436,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) goto err; } } else { - if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) { + if (!PACKET_copy_bytes(pkt, s->s3.server_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); goto err; @@ -1648,8 +1648,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * Now that we know the version, update the check to see if it's an allowed * version. */ - s->s3->tmp.min_ver = s->version; - s->s3->tmp.max_ver = s->version; + s->s3.tmp.min_ver = s->version; + s->s3.tmp.max_ver = s->version; if (!set_client_ciphersuite(s, cipherchars)) { /* SSLfatal() already called */ @@ -1692,7 +1692,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto err; } else { - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; } #endif @@ -1778,7 +1778,7 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, if (s->ext.tls13_cookie_len == 0 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - && s->s3->tmp.pkey != NULL + && s->s3.tmp.pkey != NULL #endif ) { /* @@ -1959,7 +1959,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) * type. */ if (!SSL_IS_TLS13(s)) { - if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) { + if ((clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0) { x = NULL; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, @@ -2074,7 +2074,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } /* We must check if there is a certificate */ - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) + if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) *pkey = X509_get0_pubkey(s->session->peer); return 1; @@ -2164,13 +2164,13 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } - s->s3->peer_tmp = peer_tmp; + s->s3.peer_tmp = peer_tmp; /* * FIXME: This makes assumptions about which ciphersuites come with * public keys. We should have a less ad-hoc way of doing this */ - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) + if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS)) *pkey = X509_get0_pubkey(s->session->peer); /* else anonymous DH, so no certificate or pkey. */ @@ -2218,7 +2218,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) { + if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; @@ -2230,7 +2230,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, + if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, @@ -2243,9 +2243,9 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) * ECParameters in the server key exchange message. We do support RSA * and ECDSA. */ - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) + if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) *pkey = X509_get0_pubkey(s->session->peer); - else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA) + else if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aRSA) *pkey = X509_get0_pubkey(s->session->peer); /* else anonymous ECDH, so no certificate or pkey. */ @@ -2265,13 +2265,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY_CTX *pctx = NULL; PACKET save_param_start, signature; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; save_param_start = *pkt; #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - EVP_PKEY_free(s->s3->peer_tmp); - s->s3->peer_tmp = NULL; + EVP_PKEY_free(s->s3.peer_tmp); + s->s3.peer_tmp = NULL; #endif if (alg_k & SSL_PSK) { @@ -2343,7 +2343,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } - if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { + if (!tls1_lookup_md(s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2415,7 +2415,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) md_ctx = NULL; } else { /* aNULL, aSRP or PSK do not need public keys */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) + if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) { @@ -2445,7 +2445,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) /* Clear certificate validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) - s->s3->tmp.valid_flags[i] = 0; + s->s3.tmp.valid_flags[i] = 0; if (SSL_IS_TLS13(s)) { PACKET reqctx, extensions; @@ -2461,9 +2461,9 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) } /* Free and zero certificate types: it is not present in TLS 1.3 */ - OPENSSL_free(s->s3->tmp.ctype); - s->s3->tmp.ctype = NULL; - s->s3->tmp.ctype_len = 0; + OPENSSL_free(s->s3.tmp.ctype); + s->s3.tmp.ctype = NULL; + s->s3.tmp.ctype_len = 0; OPENSSL_free(s->pha_context); s->pha_context = NULL; @@ -2508,7 +2508,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } - if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) { + if (!PACKET_memdup(&ctypes, &s->s3.tmp.ctype, &s->s3.tmp.ctype_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); @@ -2558,7 +2558,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) } /* we should setup a certificate to return.... */ - s->s3->tmp.cert_req = 1; + s->s3.tmp.cert_req = 1; /* * In TLSv1.3 we don't prepare the client certificate yet. We wait until @@ -2861,7 +2861,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } #ifndef OPENSSL_NO_SRP - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { + if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (SRP_Calc_A_param(s) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_SRP_A_CALC); @@ -2932,9 +2932,9 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) goto err; } - OPENSSL_free(s->s3->tmp.psk); - s->s3->tmp.psk = tmppsk; - s->s3->tmp.psklen = psklen; + OPENSSL_free(s->s3.tmp.psk); + s->s3.tmp.psk = tmppsk; + s->s3.tmp.psklen = psklen; tmppsk = NULL; OPENSSL_free(s->session->psk_identity); s->session->psk_identity = tmpidentity; @@ -3040,8 +3040,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) goto err; } - s->s3->tmp.pms = pms; - s->s3->tmp.pmslen = pmslen; + s->s3.tmp.pms = pms; + s->s3.tmp.pmslen = pmslen; return 1; err: @@ -3064,7 +3064,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) EVP_PKEY *ckey = NULL, *skey = NULL; unsigned char *keybytes = NULL; - skey = s->s3->peer_tmp; + skey = s->s3.peer_tmp; if (skey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); @@ -3122,7 +3122,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) EVP_PKEY *ckey = NULL, *skey = NULL; int ret = 0; - skey = s->s3->peer_tmp; + skey = s->s3.peer_tmp; if (skey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); @@ -3182,7 +3182,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) unsigned char *pms = NULL; size_t pmslen = 0; - if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0) + if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0) dgst_nid = NID_id_GostR3411_2012_256; /* @@ -3232,9 +3232,9 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) ukm_hash = EVP_MD_CTX_new(); if (ukm_hash == NULL || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 - || EVP_DigestUpdate(ukm_hash, s->s3->client_random, + || EVP_DigestUpdate(ukm_hash, s->s3.client_random, SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestUpdate(ukm_hash, s->s3->server_random, + || EVP_DigestUpdate(ukm_hash, s->s3.server_random, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, @@ -3269,8 +3269,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) } EVP_PKEY_CTX_free(pkey_ctx); - s->s3->tmp.pms = pms; - s->s3->tmp.pmslen = pmslen; + s->s3.tmp.pms = pms; + s->s3.tmp.pmslen = pmslen; return 1; err: @@ -3319,7 +3319,7 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) { unsigned long alg_k; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* * All of the construct functions below call SSLfatal() if necessary so @@ -3352,11 +3352,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) return 1; err: - OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); - s->s3->tmp.pms = NULL; + OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); + s->s3.tmp.pms = NULL; #ifndef OPENSSL_NO_PSK - OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); - s->s3->tmp.psk = NULL; + OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); + s->s3.tmp.psk = NULL; #endif return 0; } @@ -3366,12 +3366,12 @@ int tls_client_key_exchange_post_work(SSL *s) unsigned char *pms = NULL; size_t pmslen = 0; - pms = s->s3->tmp.pms; - pmslen = s->s3->tmp.pmslen; + pms = s->s3.tmp.pms; + pmslen = s->s3.tmp.pmslen; #ifndef OPENSSL_NO_SRP /* Check for SRP */ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { + if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (!srp_generate_client_master_secret(s)) { /* SSLfatal() already called */ goto err; @@ -3380,7 +3380,7 @@ int tls_client_key_exchange_post_work(SSL *s) } #endif - if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + if (pms == NULL && !(s->s3.tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE); goto err; @@ -3430,7 +3430,7 @@ int tls_client_key_exchange_post_work(SSL *s) return 1; err: OPENSSL_clear_free(pms, pmslen); - s->s3->tmp.pms = NULL; + s->s3.tmp.pms = NULL; return 0; } @@ -3442,7 +3442,7 @@ int tls_client_key_exchange_post_work(SSL *s) static int ssl3_check_client_certificate(SSL *s) { /* If no suitable signature algorithm can't use certificate */ - if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL) + if (!tls_choose_sigalg(s, 0) || s->s3.tmp.sigalg == NULL) return 0; /* * If strict mode check suitability of chain before using it. This also @@ -3514,11 +3514,11 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) i = 0; if (i == 0) { if (s->version == SSL3_VERSION) { - s->s3->tmp.cert_req = 0; + s->s3.tmp.cert_req = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); return WORK_FINISHED_CONTINUE; } else { - s->s3->tmp.cert_req = 2; + s->s3.tmp.cert_req = 2; if (!ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -3554,7 +3554,7 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) } } if (!ssl3_output_cert_chain(s, pkt, - (s->s3->tmp.cert_req == 2) ? NULL + (s->s3.tmp.cert_req == 2) ? NULL : s->cert->key)) { /* SSLfatal() already called */ return 0; @@ -3582,8 +3582,8 @@ int ssl3_check_cert_and_algorithm(SSL *s) size_t idx; long alg_k, alg_a; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; + alg_a = s->s3.tmp.new_cipher->algorithm_auth; /* we don't have a certificate */ if (!(alg_a & SSL_aCERT)) @@ -3618,7 +3618,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) { + if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); return 0; @@ -3782,12 +3782,12 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) /* Sanity check that the maximum version we offer has ciphers enabled */ if (!maxverok) { if (SSL_IS_DTLS(s)) { - if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver) - && DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver)) + if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver) + && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) maxverok = 1; } else { - if (c->max_tls >= s->s3->tmp.max_ver - && c->min_tls <= s->s3->tmp.max_ver) + if (c->max_tls >= s->s3.tmp.max_ver + && c->min_tls <= s->s3.tmp.max_ver) maxverok = 1; } } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 454fc4f..8616e98 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -349,7 +349,7 @@ int dtls_get_message(SSL *s, int *mt, size_t *len) return 0; } - *mt = s->s3->tmp.message_type; + *mt = s->s3.tmp.message_type; p = (unsigned char *)s->init_buf->data; *len = s->init_num; @@ -442,9 +442,9 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) return 0; } - s->s3->tmp.message_size = msg_len; + s->s3.tmp.message_size = msg_len; s->d1->r_msg_hdr.msg_len = msg_len; - s->s3->tmp.message_type = msg_hdr->type; + s->s3.tmp.message_type = msg_hdr->type; s->d1->r_msg_hdr.type = msg_hdr->type; s->d1->r_msg_hdr.seq = msg_hdr->seq; } else if (msg_len != s->d1->r_msg_hdr.msg_len) { @@ -776,8 +776,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) memcpy(s->init_buf->data, wire, readbytes); s->init_num = readbytes - 1; s->init_msg = s->init_buf->data + 1; - s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; - s->s3->tmp.message_size = readbytes - 1; + s->s3.tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; + s->s3.tmp.message_size = readbytes - 1; *len = readbytes - 1; return 1; } @@ -902,7 +902,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->rlayer.read_sequence zero - * ssl->s3->read_mac_secret re-init + * ssl->s3.read_mac_secret re-init * ssl->session->read_sym_enc assign * ssl->session->read_compression assign * ssl->session->read_hash assign @@ -955,7 +955,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s) return WORK_ERROR; } - s->s3->in_read_app_data = 2; + s->s3.in_read_app_data = 2; s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 10cf635..033ea61 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -138,7 +138,7 @@ int tls_setup_handshake(SSL *s) /* N.B. s->ctx may not equal s->session_ctx */ tsan_counter(&s->ctx->stats.sess_accept_renegotiate); - s->s3->tmp.cert_request = 0; + s->s3.tmp.cert_request = 0; } } else { if (SSL_IS_FIRST_HANDSHAKE(s)) @@ -147,10 +147,10 @@ int tls_setup_handshake(SSL *s) tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate); /* mark client_random uninitialized */ - memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); + memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); s->hit = 0; - s->s3->tmp.cert_req = 0; + s->s3.tmp.cert_req = 0; if (SSL_IS_DTLS(s)) s->statem.use_timer = 1; @@ -206,7 +206,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, size_t retlen; long retlen_l; - retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); + retlen = retlen_l = BIO_get_mem_data(s->s3.handshake_buffer, hdata); if (retlen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, ERR_R_INTERNAL_ERROR); @@ -228,14 +228,14 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) void *hdata; unsigned char *sig = NULL; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; - const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; + const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; - if (lu == NULL || s->s3->tmp.cert == NULL) { + if (lu == NULL || s->s3.tmp.cert == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_INTERNAL_ERROR); goto err; } - pkey = s->s3->tmp.cert->privatekey; + pkey = s->s3.tmp.cert->privatekey; if (pkey == NULL || !tls1_lookup_md(lu, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, @@ -389,7 +389,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } - if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { + if (!tls1_lookup_md(s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_INTERNAL_ERROR); goto err; @@ -503,13 +503,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * want to make sure that SSL_get_peer_certificate() will return the actual * server certificate from the client_cert_cb callback. */ - if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) + if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) ret = MSG_PROCESS_CONTINUE_PROCESSING; else ret = MSG_PROCESS_CONTINUE_READING; err: - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; + BIO_free(s->s3.handshake_buffer); + s->s3.handshake_buffer = NULL; EVP_MD_CTX_free(mctx); #ifndef OPENSSL_NO_GOST OPENSSL_free(gost_data); @@ -533,7 +533,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) */ if (SSL_IS_TLS13(s) && !s->server - && s->s3->tmp.cert_req == 0 + && s->s3.tmp.cert_req == 0 && (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; /* SSLfatal() already called */ @@ -550,15 +550,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3->tmp.finish_md); + s->s3.tmp.finish_md); if (finish_md_len == 0) { /* SSLfatal() already called */ return 0; } - s->s3->tmp.finish_md_len = finish_md_len; + s->s3.tmp.finish_md_len = finish_md_len; - if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) { + if (!WPACKET_memcpy(pkt, s->s3.tmp.finish_md, finish_md_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); return 0; @@ -584,13 +584,13 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) return 0; } if (!s->server) { - memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, + memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md, finish_md_len); - s->s3->previous_client_finished_len = finish_md_len; + s->s3.previous_client_finished_len = finish_md_len; } else { - memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, + memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md, finish_md_len); - s->s3->previous_server_finished_len = finish_md_len; + s->s3.previous_server_finished_len = finish_md_len; } return 1; @@ -676,11 +676,11 @@ int ssl3_take_mac(SSL *s) slen = s->method->ssl3_enc->client_finished_label_len; } - s->s3->tmp.peer_finish_md_len = + s->s3.tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3->tmp.peer_finish_md); + s->s3.tmp.peer_finish_md); - if (s->s3->tmp.peer_finish_md_len == 0) { + if (s->s3.tmp.peer_finish_md_len == 0) { /* SSLfatal() already called */ return 0; } @@ -718,13 +718,13 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) } /* Check we have a cipher to change to */ - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3.tmp.new_cipher == NULL) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); return MSG_PROCESS_ERROR; } - s->s3->change_cipher_spec = 1; + s->s3.change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); @@ -782,14 +782,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) } /* If this occurs, we have missed a message */ - if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) { + if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); return MSG_PROCESS_ERROR; } - s->s3->change_cipher_spec = 0; + s->s3.change_cipher_spec = 0; - md_len = s->s3->tmp.peer_finish_md_len; + md_len = s->s3.tmp.peer_finish_md_len; if (md_len != PACKET_remaining(pkt)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED, @@ -797,7 +797,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } - if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, + if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, md_len) != 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED); @@ -813,13 +813,13 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } if (s->server) { - memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, + memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md, md_len); - s->s3->previous_client_finished_len = md_len; + s->s3.previous_client_finished_len = md_len; } else { - memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, + memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md, md_len); - s->s3->previous_server_finished_len = md_len; + s->s3.previous_server_finished_len = md_len; } /* @@ -1155,7 +1155,7 @@ int tls_get_message_header(SSL *s, int *mt) return 0; } if (s->statem.hand_state == TLS_ST_BEFORE - && (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) { + && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { /* * We are stateless and we received a CCS. Probably this is * from a client between the first and second ClientHellos. @@ -1165,10 +1165,10 @@ int tls_get_message_header(SSL *s, int *mt) */ return 0; } - s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; + s->s3.tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; s->init_num = readbytes - 1; s->init_msg = s->init_buf->data; - s->s3->tmp.message_size = readbytes; + s->s3.tmp.message_size = readbytes; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, @@ -1202,7 +1202,7 @@ int tls_get_message_header(SSL *s, int *mt) /* s->init_num == SSL3_HM_HEADER_LENGTH */ *mt = *p; - s->s3->tmp.message_type = *(p++); + s->s3.tmp.message_type = *(p++); if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { /* @@ -1214,7 +1214,7 @@ int tls_get_message_header(SSL *s, int *mt) */ l = RECORD_LAYER_get_rrec_length(&s->rlayer) + SSL3_HM_HEADER_LENGTH; - s->s3->tmp.message_size = l; + s->s3.tmp.message_size = l; s->init_msg = s->init_buf->data; s->init_num = SSL3_HM_HEADER_LENGTH; @@ -1226,7 +1226,7 @@ int tls_get_message_header(SSL *s, int *mt) SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } - s->s3->tmp.message_size = l; + s->s3.tmp.message_size = l; s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; s->init_num = 0; @@ -1241,14 +1241,14 @@ int tls_get_message_body(SSL *s, size_t *len) unsigned char *p; int i; - if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { + if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { /* We've already read everything in */ *len = (unsigned long)s->init_num; return 1; } p = s->init_msg; - n = s->s3->tmp.message_size - s->init_num; + n = s->s3.tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, &p[s->init_num], n, 0, &readbytes); @@ -1291,9 +1291,9 @@ int tls_get_message_body(SSL *s, size_t *len) */ #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) /* KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) { - if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO + if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET + && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { + if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE || memcmp(hrrrandom, s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, @@ -1933,7 +1933,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) /* Check for downgrades */ if (s->version == TLS1_2_VERSION && real_max > s->version) { if (memcmp(tls12downgrade, - s->s3->server_random + SSL3_RANDOM_SIZE + s->s3.server_random + SSL3_RANDOM_SIZE - sizeof(tls12downgrade), sizeof(tls12downgrade)) == 0) { s->version = origv; @@ -1946,7 +1946,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) && s->version < TLS1_2_VERSION && real_max > s->version) { if (memcmp(tls11downgrade, - s->s3->server_random + SSL3_RANDOM_SIZE + s->s3.server_random + SSL3_RANDOM_SIZE - sizeof(tls11downgrade), sizeof(tls11downgrade)) == 0) { s->version = origv; @@ -2200,7 +2200,7 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, if (hrr != NULL && (!ssl3_finish_mac(s, hrr, hrrlen) || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->s3->tmp.message_size + s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH))) { /* SSLfatal() already called */ return 0; @@ -2263,8 +2263,8 @@ int parse_ca_names(SSL *s, PACKET *pkt) xn = NULL; } - sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); - s->s3->tmp.peer_ca_names = ca_sk; + sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); + s->s3.tmp.peer_ca_names = ca_sk; return 1; @@ -2340,8 +2340,8 @@ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE); - memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE); + memcpy(tbs, s->s3.client_random, SSL3_RANDOM_SIZE); + memcpy(tbs + SSL3_RANDOM_SIZE, s->s3.server_random, SSL3_RANDOM_SIZE); memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen); @@ -2368,7 +2368,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s) return 0; } if (!EVP_MD_CTX_copy_ex(s->pha_dgst, - s->s3->handshake_dgst)) { + s->s3.handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, ERR_R_INTERNAL_ERROR); @@ -2390,7 +2390,7 @@ int tls13_restore_handshake_digest_for_pha(SSL *s) ERR_R_INTERNAL_ERROR); return 0; } - if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst, + if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst, s->pha_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 781efd2..fe495a3 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -69,7 +69,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) case TLS_ST_SR_END_OF_EARLY_DATA: case TLS_ST_SW_FINISHED: - if (s->s3->tmp.cert_request) { + if (s->s3.tmp.cert_request) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_SR_CERT; return 1; @@ -172,7 +172,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) * list if we requested a certificate) */ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) { - if (s->s3->tmp.cert_request) { + if (s->s3.tmp.cert_request) { if (s->version == SSL3_VERSION) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { @@ -193,7 +193,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) st->hand_state = TLS_ST_SR_KEY_EXCH; return 1; } - } else if (s->s3->tmp.cert_request) { + } else if (s->s3.tmp.cert_request) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_SR_CERT; return 1; @@ -245,7 +245,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) case TLS_ST_SR_CHANGE: #ifndef OPENSSL_NO_NEXTPROTONEG - if (s->s3->npn_seen) { + if (s->s3.npn_seen) { if (mt == SSL3_MT_NEXT_PROTO) { st->hand_state = TLS_ST_SR_NEXT_PROTO; return 1; @@ -309,7 +309,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) */ static int send_server_key_exchange(SSL *s) { - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* * only send a ServerKeyExchange if DH or fortezza but we have a @@ -371,7 +371,7 @@ int send_certificate_request(SSL *s) * section "Certificate request" in SSL 3 drafts and in * RFC 2246): */ - && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) /* * ... except when the application insists on * verification (against the specs, but statem_clnt.c accepts @@ -379,12 +379,12 @@ int send_certificate_request(SSL *s) */ || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) /* don't request certificate for SRP auth */ - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) /* * With normal PSK Certificates and Certificate Requests * are omitted */ - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) { + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { return 1; } @@ -597,7 +597,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) } else { /* Check if it is anon DH or anon ECDH, */ /* normal PSK or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & + if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { st->hand_state = TLS_ST_SW_CERT; } else if (send_server_key_exchange(s)) { @@ -735,7 +735,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_CHANGE: if (SSL_IS_TLS13(s)) break; - s->session->cipher = s->s3->tmp.new_cipher; + s->session->cipher = s->s3.tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -753,7 +753,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_EARLY_DATA: if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING - && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return WORK_FINISHED_CONTINUE; /* Fall through */ @@ -1236,7 +1236,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s) int ret; int al = SSL_AD_UNRECOGNIZED_NAME; - if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && + if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { /* @@ -1357,7 +1357,7 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; - s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, + s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, ext_len); } #endif /* !OPENSSL_NO_EC */ @@ -1377,7 +1377,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 - || (!s->s3->send_connection_binding + || (!s->s3.send_connection_binding && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); @@ -1626,7 +1626,7 @@ static int tls_early_post_process_client_hello(SSL *s) } /* Set up the client_random */ - memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE); + memcpy(s->s3.client_random, clienthello->random, SSL3_RANDOM_SIZE); /* Choose the version */ @@ -1721,7 +1721,7 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } - s->s3->send_connection_binding = 0; + s->s3.send_connection_binding = 0; /* Check what signalling cipher-suite values were received. */ if (scsvs != NULL) { for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { @@ -1734,7 +1734,7 @@ static int tls_early_post_process_client_hello(SSL *s) SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); goto err; } - s->s3->send_connection_binding = 1; + s->s3.send_connection_binding = 1; } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && !ssl_check_version_downgrade(s)) { /* @@ -1764,8 +1764,8 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } if (s->hello_retry_request == SSL_HRR_PENDING - && (s->s3->tmp.new_cipher == NULL - || s->s3->tmp.new_cipher->id != cipher->id)) { + && (s->s3.tmp.new_cipher == NULL + || s->s3.tmp.new_cipher->id != cipher->id)) { /* * A previous HRR picked a different ciphersuite to the one we * just selected. Something must have changed. @@ -1775,7 +1775,7 @@ static int tls_early_post_process_client_hello(SSL *s) SSL_R_BAD_CIPHER); goto err; } - s->s3->tmp.new_cipher = cipher; + s->s3.tmp.new_cipher = cipher; } /* We need to do this before getting the session */ @@ -1901,7 +1901,7 @@ static int tls_early_post_process_client_hello(SSL *s) */ { unsigned char *pos; - pos = s->s3->server_random; + pos = s->s3.server_random; if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, @@ -1959,7 +1959,7 @@ static int tls_early_post_process_client_hello(SSL *s) * options, we will now look for them. We have complen-1 compression * algorithms from the client, starting at q. */ - s->s3->tmp.new_compression = NULL; + s->s3.tmp.new_compression = NULL; if (SSL_IS_TLS13(s)) { /* * We already checked above that the NULL compression method appears in @@ -1990,11 +1990,11 @@ static int tls_early_post_process_client_hello(SSL *s) for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); if (comp_id == comp->id) { - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; break; } } - if (s->s3->tmp.new_compression == NULL) { + if (s->s3.tmp.new_compression == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_INVALID_COMPRESSION_ALGORITHM); @@ -2032,7 +2032,7 @@ static int tls_early_post_process_client_hello(SSL *s) break; } if (done) - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; else comp = NULL; } @@ -2108,12 +2108,12 @@ static int tls_handle_status_request(SSL *s) int ret; /* If no certificate can't return certificate status */ - if (s->s3->tmp.cert != NULL) { + if (s->s3.tmp.cert != NULL) { /* * Set current certificate to one we will use so SSL_get_certificate * et al can pick it up. */ - s->cert->key = s->s3->tmp.cert; + s->cert->key = s->s3.tmp.cert; ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ @@ -2148,24 +2148,24 @@ int tls_handle_alpn(SSL *s) const unsigned char *selected = NULL; unsigned char selected_len = 0; - if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { + if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, - s->s3->alpn_proposed, - (unsigned int)s->s3->alpn_proposed_len, + s->s3.alpn_proposed, + (unsigned int)s->s3.alpn_proposed_len, s->ctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); - if (s->s3->alpn_selected == NULL) { + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = OPENSSL_memdup(selected, selected_len); + if (s->s3.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - s->s3->alpn_selected_len = selected_len; + s->s3.alpn_selected_len = selected_len; #ifndef OPENSSL_NO_NEXTPROTONEG /* ALPN takes precedence over NPN. */ - s->s3->npn_seen = 0; + s->s3.npn_seen = 0; #endif /* Check ALPN is consistent with session */ @@ -2270,7 +2270,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) SSL_R_NO_SHARED_CIPHER); goto err; } - s->s3->tmp.new_cipher = cipher; + s->s3.tmp.new_cipher = cipher; } if (!s->hit) { if (!tls_choose_sigalg(s, 1)) { @@ -2281,7 +2281,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) if (s->not_resumable_session_cb != NULL) s->session->not_resumable = s->not_resumable_session_cb(s, - ((s->s3->tmp.new_cipher->algorithm_mkey + ((s->s3.tmp.new_cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); if (s->session->not_resumable) /* do not send a session ticket */ @@ -2289,7 +2289,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) } } else { /* Session-id reuse */ - s->s3->tmp.new_cipher = s->session->cipher; + s->s3.tmp.new_cipher = s->session->cipher; } /*- @@ -2301,7 +2301,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) * ssl version is set - sslv3 * s->session - The ssl session has been setup. * s->hit - session reuse flag - * s->s3->tmp.new_cipher- the new cipher to use. + * s->s3.tmp.new_cipher - the new cipher to use. */ /* @@ -2363,7 +2363,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) */ || !WPACKET_memcpy(pkt, s->hello_retry_request == SSL_HRR_PENDING - ? hrrrandom : s->s3->server_random, + ? hrrrandom : s->s3.server_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); @@ -2411,14 +2411,14 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) #ifdef OPENSSL_NO_COMP compm = 0; #else - if (usetls13 || s->s3->tmp.new_compression == NULL) + if (usetls13 || s->s3.tmp.new_compression == NULL) compm = 0; else - compm = s->s3->tmp.new_compression->id; + compm = s->s3.tmp.new_compression->id; #endif if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len) || !WPACKET_put_bytes_u8(pkt, compm)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); @@ -2461,7 +2461,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) int tls_construct_server_done(SSL *s, WPACKET *pkt) { - if (!s->s3->tmp.cert_request) { + if (!s->s3.tmp.cert_request) { if (!ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ return 0; @@ -2480,7 +2480,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) size_t encodedlen = 0; int curve_id = 0; #endif - const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; + const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; int i; unsigned long type; const BIGNUM *r[4]; @@ -2500,7 +2500,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - type = s->s3->tmp.new_cipher->algorithm_mkey; + type = s->s3.tmp.new_cipher->algorithm_mkey; r[0] = r[1] = r[2] = r[3] = NULL; #ifndef OPENSSL_NO_PSK @@ -2554,20 +2554,20 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_DH_KEY_TOO_SMALL); goto err; } - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); - if (s->s3->tmp.pkey == NULL) { + s->s3.tmp.pkey = ssl_generate_pkey(pkdhp); + if (s->s3.tmp.pkey == NULL) { /* SSLfatal() already called */ goto err; } - dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey); + dh = EVP_PKEY_get0_DH(s->s3.tmp.pkey); if (dh == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, @@ -2585,7 +2585,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -2600,15 +2600,15 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id); + s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); /* Generate a new key for this curve */ - if (s->s3->tmp.pkey == NULL) { + if (s->s3.tmp.pkey == NULL) { /* SSLfatal() already called */ goto err; } /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey, + encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, &encodedPoint); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -2649,8 +2649,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) - || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { + if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) + || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { lu = NULL; } else if (lu == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, @@ -2751,7 +2751,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) /* not anonymous */ if (lu != NULL) { - EVP_PKEY *pkey = s->s3->tmp.cert->privatekey; + EVP_PKEY *pkey = s->s3.tmp.cert->privatekey; const EVP_MD *md; unsigned char *sigbytes1, *sigbytes2, *tbs; size_t siglen, tbslen; @@ -2900,7 +2900,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) done: s->certreqs_sent++; - s->s3->tmp.cert_request = 1; + s->s3.tmp.cert_request = 1; return 1; } @@ -2950,17 +2950,17 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) return 0; } - OPENSSL_free(s->s3->tmp.psk); - s->s3->tmp.psk = OPENSSL_memdup(psk, psklen); + OPENSSL_free(s->s3.tmp.psk); + s->s3.tmp.psk = OPENSSL_memdup(psk, psklen); OPENSSL_cleanse(psk, psklen); - if (s->s3->tmp.psk == NULL) { + if (s->s3.tmp.psk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; } - s->s3->tmp.psklen = psklen; + s->s3.tmp.psklen = psklen; return 1; #else @@ -3158,7 +3158,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } - skey = s->s3->tmp.pkey; + skey = s->s3.tmp.pkey; if (skey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY); @@ -3198,8 +3198,8 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) } ret = 1; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; err: EVP_PKEY_free(ckey); return ret; @@ -3214,7 +3214,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_EC - EVP_PKEY *skey = s->s3->tmp.pkey; + EVP_PKEY *skey = s->s3.tmp.pkey; EVP_PKEY *ckey = NULL; int ret = 0; @@ -3264,8 +3264,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) } ret = 1; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; err: EVP_PKEY_free(ckey); @@ -3336,7 +3336,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) PACKET encdata; /* Get our certificate private key */ - alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_a = s->s3.tmp.new_cipher->algorithm_auth; if (alg_a & SSL_aGOST12) { /* * New GOST ciphersuites have SSL_aGOST01 bit too @@ -3444,7 +3444,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) { unsigned long alg_k; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* For PSK parse and retrieve identity, obtain PSK key */ if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) { @@ -3500,8 +3500,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) return MSG_PROCESS_CONTINUE_PROCESSING; err: #ifndef OPENSSL_NO_PSK - OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); - s->s3->tmp.psk = NULL; + OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); + s->s3.tmp.psk = NULL; #endif return MSG_PROCESS_ERROR; } @@ -3553,7 +3553,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) } return WORK_FINISHED_CONTINUE; } else { - if (!s->s3->handshake_buffer) { + if (!s->s3.handshake_buffer) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -3684,7 +3684,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } /* No client certificate so digest cached records */ - if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) { + if (s->s3.handshake_buffer && !ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ goto err; } @@ -3776,7 +3776,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) int tls_construct_server_certificate(SSL *s, WPACKET *pkt) { - CERT_PKEY *cpk = s->s3->tmp.cert; + CERT_PKEY *cpk = s->s3.tmp.cert; if (cpk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -4106,17 +4106,17 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->session->master_key_length = hashlen; s->session->time = (long)time(NULL); - if (s->s3->alpn_selected != NULL) { + if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); goto err; } - s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + s->session->ext.alpn_selected_len = s->s3.alpn_selected_len; } s->session->ext.max_early_data = s->max_early_data; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5925e6a..9f2dbee 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -75,8 +75,8 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) /* Calls SSLfatal() as required */ ret = tls1_PRF(s, TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random, - SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, + TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, + SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, km, num, 1); @@ -140,20 +140,20 @@ int tls1_change_cipher_state(SSL *s, int which) int bit; #endif - c = s->s3->tmp.new_sym_enc; - m = s->s3->tmp.new_hash; - mac_type = s->s3->tmp.new_mac_pkey_type; + c = s->s3.tmp.new_sym_enc; + m = s->s3.tmp.new_hash; + mac_type = s->s3.tmp.new_mac_pkey_type; #ifndef OPENSSL_NO_COMP - comp = s->s3->tmp.new_compression; + comp = s->s3.tmp.new_compression; #endif if (which & SSL3_CC_READ) { if (s->ext.use_etm) - s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; + s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; else - s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; + s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; - if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; else s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; @@ -195,16 +195,16 @@ int tls1_change_cipher_state(SSL *s, int which) */ if (!SSL_IS_DTLS(s)) RECORD_LAYER_reset_read_sequence(&s->rlayer); - mac_secret = &(s->s3->read_mac_secret[0]); - mac_secret_size = &(s->s3->read_mac_secret_size); + mac_secret = &(s->s3.read_mac_secret[0]); + mac_secret_size = &(s->s3.read_mac_secret_size); } else { s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; if (s->ext.use_etm) - s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; + s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; else - s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; + s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; - if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; @@ -252,15 +252,15 @@ int tls1_change_cipher_state(SSL *s, int which) */ if (!SSL_IS_DTLS(s)) RECORD_LAYER_reset_write_sequence(&s->rlayer); - mac_secret = &(s->s3->write_mac_secret[0]); - mac_secret_size = &(s->s3->write_mac_secret_size); + mac_secret = &(s->s3.write_mac_secret[0]); + mac_secret_size = &(s->s3.write_mac_secret_size); } if (reuse_dd) EVP_CIPHER_CTX_reset(dd); - p = s->s3->tmp.key_block; - i = *mac_secret_size = s->s3->tmp.new_mac_secret_size; + p = s->s3.tmp.key_block; + i = *mac_secret_size = s->s3.tmp.new_mac_secret_size; /* TODO(size_t): convert me */ cl = EVP_CIPHER_key_length(c); @@ -291,7 +291,7 @@ int tls1_change_cipher_state(SSL *s, int which) n += k; } - if (n > s->s3->tmp.key_block_length) { + if (n > s->s3.tmp.key_block_length) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err; @@ -328,7 +328,7 @@ int tls1_change_cipher_state(SSL *s, int which) } } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) { int taglen; - if (s->s3->tmp. + if (s->s3.tmp. new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; else @@ -471,7 +471,7 @@ int tls1_setup_key_block(SSL *s) size_t num, mac_secret_size = 0; int ret = 0; - if (s->s3->tmp.key_block_length != 0) + if (s->s3.tmp.key_block_length != 0) return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size, @@ -481,10 +481,10 @@ int tls1_setup_key_block(SSL *s) return 0; } - s->s3->tmp.new_sym_enc = c; - s->s3->tmp.new_hash = hash; - s->s3->tmp.new_mac_pkey_type = mac_type; - s->s3->tmp.new_mac_secret_size = mac_secret_size; + s->s3.tmp.new_sym_enc = c; + s->s3.tmp.new_hash = hash; + s->s3.tmp.new_mac_pkey_type = mac_type; + s->s3.tmp.new_mac_secret_size = mac_secret_size; num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c); num *= 2; @@ -496,14 +496,14 @@ int tls1_setup_key_block(SSL *s) goto err; } - s->s3->tmp.key_block_length = num; - s->s3->tmp.key_block = p; + s->s3.tmp.key_block_length = num; + s->s3.tmp.key_block = p; OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "client random\n"); - BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); + BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "server random\n"); - BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); + BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "master key\n"); BIO_dump_indent(trc_out, s->session->master_key, @@ -526,15 +526,15 @@ int tls1_setup_key_block(SSL *s) * enable vulnerability countermeasure for CBC ciphers with known-IV * problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - s->s3->need_empty_fragments = 1; + s->s3.need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) - s->s3->need_empty_fragments = 0; + s->s3.need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) - s->s3->need_empty_fragments = 0; + s->s3.need_empty_fragments = 0; #endif } } @@ -606,9 +606,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, if (!tls1_PRF(s, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, + s->s3.client_random, SSL3_RANDOM_SIZE, NULL, 0, - s->s3->server_random, SSL3_RANDOM_SIZE, + s->s3.server_random, SSL3_RANDOM_SIZE, NULL, 0, p, len, out, SSL3_MASTER_SECRET_SIZE, 1)) { /* SSLfatal() already called */ @@ -620,9 +620,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, BIO_printf(trc_out, "Premaster Secret:\n"); BIO_dump_indent(trc_out, p, len, 4); BIO_printf(trc_out, "Client Random:\n"); - BIO_dump_indent(trc_out, s->s3->client_random, SSL3_RANDOM_SIZE, 4); + BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "Server Random:\n"); - BIO_dump_indent(trc_out, s->s3->server_random, SSL3_RANDOM_SIZE, 4); + BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "Master Secret:\n"); BIO_dump_indent(trc_out, s->session->master_key, @@ -658,9 +658,9 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, currentvalpos = 0; memcpy(val + currentvalpos, (unsigned char *)label, llen); currentvalpos += llen; - memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); + memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE); currentvalpos += SSL3_RANDOM_SIZE; - memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); + memcpy(val + currentvalpos, s->s3.server_random, SSL3_RANDOM_SIZE); currentvalpos += SSL3_RANDOM_SIZE; if (use_context) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5dc645a..8fad1f2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -292,7 +292,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) * For Suite B ciphersuite determines curve: we already know * these are acceptable due to previous checks. */ - unsigned long cid = s->s3->tmp.new_cipher->id; + unsigned long cid = s->s3.tmp.new_cipher->id; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) return TLSEXT_curve_P_256; @@ -485,8 +485,8 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) return 0; /* Check for Suite B compliance */ - if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) { - unsigned long cid = s->s3->tmp.new_cipher->id; + if (tls1_suiteb(s) && s->s3.tmp.new_cipher != NULL) { + unsigned long cid = s->s3.tmp.new_cipher->id; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { if (group_id != TLSEXT_curve_P_256) @@ -861,7 +861,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) for (i = 0; i < SSL_PKEY_NUM; i++) { const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i); - if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) { + if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) { idx = i; break; } @@ -870,7 +870,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) /* * Some GOST ciphersuites allow more than one signature algorithms * */ - if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) { + if (idx == SSL_PKEY_GOST01 && s->s3.tmp.new_cipher->algorithm_auth != SSL_aGOST01) { int real_idx; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; @@ -907,7 +907,7 @@ int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) lu = tls1_get_legacy_sigalg(s, idx); if (lu == NULL) return 0; - s->s3->tmp.peer_sigalg = lu; + s->s3.tmp.peer_sigalg = lu; return 1; } @@ -1112,23 +1112,23 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) } } /* Store the sigalg the peer uses */ - s->s3->tmp.peer_sigalg = lu; + s->s3.tmp.peer_sigalg = lu; return 1; } int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) { - if (s->s3->tmp.peer_sigalg == NULL) + if (s->s3.tmp.peer_sigalg == NULL) return 0; - *pnid = s->s3->tmp.peer_sigalg->sig; + *pnid = s->s3.tmp.peer_sigalg->sig; return 1; } int SSL_get_signature_type_nid(const SSL *s, int *pnid) { - if (s->s3->tmp.sigalg == NULL) + if (s->s3.tmp.sigalg == NULL) return 0; - *pnid = s->s3->tmp.sigalg->sig; + *pnid = s->s3.tmp.sigalg->sig; return 1; } @@ -1144,23 +1144,23 @@ int SSL_get_signature_type_nid(const SSL *s, int *pnid) */ int ssl_set_client_disabled(SSL *s) { - s->s3->tmp.mask_a = 0; - s->s3->tmp.mask_k = 0; - ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); - if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver, - &s->s3->tmp.max_ver, NULL) != 0) + s->s3.tmp.mask_a = 0; + s->s3.tmp.mask_k = 0; + ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); + if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, + &s->s3.tmp.max_ver, NULL) != 0) return 0; #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { - s->s3->tmp.mask_a |= SSL_aPSK; - s->s3->tmp.mask_k |= SSL_PSK; + s->s3.tmp.mask_a |= SSL_aPSK; + s->s3.tmp.mask_k |= SSL_PSK; } #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { - s->s3->tmp.mask_a |= SSL_aSRP; - s->s3->tmp.mask_k |= SSL_kSRP; + s->s3.tmp.mask_a |= SSL_aSRP; + s->s3.tmp.mask_k |= SSL_kSRP; } #endif return 1; @@ -1177,10 +1177,10 @@ int ssl_set_client_disabled(SSL *s) */ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) { - if (c->algorithm_mkey & s->s3->tmp.mask_k - || c->algorithm_auth & s->s3->tmp.mask_a) + if (c->algorithm_mkey & s->s3.tmp.mask_k + || c->algorithm_auth & s->s3.tmp.mask_a) return 1; - if (s->s3->tmp.max_ver == 0) + if (s->s3.tmp.max_ver == 0) return 1; if (!SSL_IS_DTLS(s)) { int min_tls = c->min_tls; @@ -1193,11 +1193,11 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) min_tls = SSL3_VERSION; - if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver)) + if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) return 1; } - if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver) - || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver))) + if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) + || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) return 1; return !ssl_security(s, op, c->strength_bits, 0, (void *)c); @@ -1220,13 +1220,13 @@ int tls1_set_server_sigalgs(SSL *s) s->cert->shared_sigalgslen = 0; /* Clear certificate validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) - s->s3->tmp.valid_flags[i] = 0; + s->s3.tmp.valid_flags[i] = 0; /* * If peer sent no signature algorithms check to see if we support * the default algorithm for each certificate type */ - if (s->s3->tmp.peer_cert_sigalgs == NULL - && s->s3->tmp.peer_sigalgs == NULL) { + if (s->s3.tmp.peer_cert_sigalgs == NULL + && s->s3.tmp.peer_sigalgs == NULL) { const uint16_t *sent_sigs; size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); @@ -1239,7 +1239,7 @@ int tls1_set_server_sigalgs(SSL *s) /* Check default matches a type we sent */ for (j = 0; j < sent_sigslen; j++) { if (lu->sigalg == sent_sigs[j]) { - s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN; + s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; break; } } @@ -1567,7 +1567,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) return 0; /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */ - if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION + if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX || lu->hash_idx == SSL_MD_MD5_IDX || lu->hash_idx == SSL_MD_SHA224_IDX)) @@ -1585,7 +1585,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) return 0; if (!s->server && s->method->version == TLS_ANY_VERSION - && s->s3->tmp.max_ver >= TLS1_3_VERSION) { + && s->s3.tmp.max_ver >= TLS1_3_VERSION) { int i, num; STACK_OF(SSL_CIPHER) *sk; @@ -1595,7 +1595,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) * ciphersuites enabled. */ - if (s->s3->tmp.min_ver >= TLS1_3_VERSION) + if (s->s3.tmp.min_ver >= TLS1_3_VERSION) return 0; sk = SSL_get_ciphers(s); @@ -1739,13 +1739,13 @@ static int tls1_set_shared_sigalgs(SSL *s) if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { pref = conf; preflen = conflen; - allow = s->s3->tmp.peer_sigalgs; - allowlen = s->s3->tmp.peer_sigalgslen; + allow = s->s3.tmp.peer_sigalgs; + allowlen = s->s3.tmp.peer_sigalgslen; } else { allow = conf; allowlen = conflen; - pref = s->s3->tmp.peer_sigalgs; - preflen = s->s3->tmp.peer_sigalgslen; + pref = s->s3.tmp.peer_sigalgs; + preflen = s->s3.tmp.peer_sigalgslen; } nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); if (nmatch) { @@ -1805,11 +1805,11 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) return 0; if (cert) - return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs, - &s->s3->tmp.peer_cert_sigalgslen); + return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs, + &s->s3.tmp.peer_cert_sigalgslen); else - return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs, - &s->s3->tmp.peer_sigalgslen); + return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs, + &s->s3.tmp.peer_sigalgslen); } @@ -1818,7 +1818,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) int tls1_process_sigalgs(SSL *s) { size_t i; - uint32_t *pvalid = s->s3->tmp.valid_flags; + uint32_t *pvalid = s->s3.tmp.valid_flags; CERT *c = s->cert; if (!tls1_set_shared_sigalgs(s)) @@ -1845,8 +1845,8 @@ int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignhash, unsigned char *rsig, unsigned char *rhash) { - uint16_t *psig = s->s3->tmp.peer_sigalgs; - size_t numsigalgs = s->s3->tmp.peer_sigalgslen; + uint16_t *psig = s->s3.tmp.peer_sigalgs; + size_t numsigalgs = s->s3.tmp.peer_sigalgslen; if (psig == NULL || numsigalgs > INT_MAX) return 0; if (idx >= 0) { @@ -2134,7 +2134,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, idx = (int)(cpk - c->pkeys); } else cpk = c->pkeys + idx; - pvalid = s->s3->tmp.valid_flags + idx; + pvalid = s->s3.tmp.valid_flags + idx; x = cpk->x509; pk = cpk->privatekey; chain = cpk->chain; @@ -2151,7 +2151,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL) return 0; idx = certidx; - pvalid = s->s3->tmp.valid_flags + idx; + pvalid = s->s3.tmp.valid_flags + idx; if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) check_flags = CERT_PKEY_STRICT_FLAGS; @@ -2178,8 +2178,8 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { int default_nid; int rsign = 0; - if (s->s3->tmp.peer_cert_sigalgs != NULL - || s->s3->tmp.peer_sigalgs != NULL) { + if (s->s3.tmp.peer_cert_sigalgs != NULL + || s->s3.tmp.peer_sigalgs != NULL) { default_nid = 0; /* If no sigalgs extension use defaults from RFC5246 */ } else { @@ -2296,10 +2296,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, break; } if (check_type) { - const uint8_t *ctypes = s->s3->tmp.ctype; + const uint8_t *ctypes = s->s3.tmp.ctype; size_t j; - for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) { + for (j = 0; j < s->s3.tmp.ctype_len; j++, ctypes++) { if (*ctypes == check_type) { rv |= CERT_PKEY_CERT_TYPE; break; @@ -2311,7 +2311,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, rv |= CERT_PKEY_CERT_TYPE; } - ca_dn = s->s3->tmp.peer_ca_names; + ca_dn = s->s3.tmp.peer_ca_names; if (!sk_X509_NAME_num(ca_dn)) rv |= CERT_PKEY_ISSUER_NAME; @@ -2386,15 +2386,15 @@ DH *ssl_get_auto_dh(SSL *s) int dh_secbits = 80; if (s->cert->dh_tmp_auto == 2) return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) + if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3.tmp.new_cipher->strength_bits == 256) dh_secbits = 128; else dh_secbits = 80; } else { - if (s->s3->tmp.cert == NULL) + if (s->s3.tmp.cert == NULL) return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey); } if (dh_secbits >= 128) { @@ -2519,12 +2519,12 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) /* If not recognised or not supported by cipher mask it is not suitable */ if (clu == NULL - || (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0 + || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 || (clu->nid == EVP_PKEY_RSA_PSS - && (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) + && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) return -1; - return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; + return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; } /* @@ -2545,9 +2545,9 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) idx = sig->sig_idx; if (!ssl_has_cert(s, idx)) return 0; - if (s->s3->tmp.peer_cert_sigalgs != NULL) { - for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { - lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); + if (s->s3.tmp.peer_cert_sigalgs != NULL) { + for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { + lu = tls1_lookup_sigalg(s->s3.tmp.peer_cert_sigalgs[i]); if (lu == NULL || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, &pknid, NULL, NULL) @@ -2602,8 +2602,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) const SIGALG_LOOKUP *lu = NULL; int sig_idx = -1; - s->s3->tmp.cert = NULL; - s->s3->tmp.sigalg = NULL; + s->s3.tmp.cert = NULL; + s->s3.tmp.sigalg = NULL; if (SSL_IS_TLS13(s)) { size_t i; @@ -2656,14 +2656,14 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) } } else { /* If ciphersuite doesn't require a cert nothing to do */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT)) + if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) return 1; if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys)) return 1; if (SSL_USE_SIGALGS(s)) { size_t i; - if (s->s3->tmp.peer_sigalgs != NULL) { + if (s->s3.tmp.peer_sigalgs != NULL) { #ifndef OPENSSL_NO_EC int curve; @@ -2759,9 +2759,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) } if (sig_idx == -1) sig_idx = lu->sig_idx; - s->s3->tmp.cert = &s->cert->pkeys[sig_idx]; - s->cert->key = s->s3->tmp.cert; - s->s3->tmp.sigalg = lu; + s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; + s->cert->key = s->s3.tmp.cert; + s->s3.tmp.sigalg = lu; return 1; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 9368baf..489558e 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1030,7 +1030,7 @@ static int ssl_print_server_hello(BIO *bio, int indent, static int ssl_get_keyex(const char **pname, const SSL *ssl) { - unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; + unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { *pname = "rsa"; diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index e6cd705..edb3290 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -324,15 +324,15 @@ int tls13_setup_key_block(SSL *s) const EVP_CIPHER *c; const EVP_MD *hash; - s->session->cipher = s->s3->tmp.new_cipher; + s->session->cipher = s->s3.tmp.new_cipher; if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return 0; } - s->s3->tmp.new_sym_enc = c; - s->s3->tmp.new_hash = hash; + s->s3.tmp.new_sym_enc = c; + s->s3.tmp.new_hash = hash; return 1; } @@ -370,11 +370,11 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3.tmp.new_cipher == NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; } else { - algenc = s->s3->tmp.new_cipher->algorithm_enc; + algenc = s->s3.tmp.new_cipher->algorithm_enc; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; @@ -479,7 +479,7 @@ int tls13_change_cipher_state(SSL *s, int which) labellen = sizeof(client_early_traffic) - 1; log_label = CLIENT_EARLY_LABEL; - handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + handlen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (handlen <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE, @@ -600,7 +600,7 @@ int tls13_change_cipher_state(SSL *s, int which) if (!(which & SSL3_CC_EARLY)) { md = ssl_handshake_md(s); - cipher = s->s3->tmp.new_sym_enc; + cipher = s->s3.tmp.new_sym_enc; if (!ssl3_digest_cached_records(s, 1) || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { /* SSLfatal() already called */; @@ -709,7 +709,7 @@ int tls13_update_key(SSL *s, int sending) } if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), - s->s3->tmp.new_sym_enc, insecret, NULL, + s->s3.tmp.new_sym_enc, insecret, NULL, application_traffic, sizeof(application_traffic) - 1, secret, iv, ciph_ctx)) { diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 53ef467..a5580a2 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -339,8 +339,8 @@ static int test_tls13_encryption(void) if (!TEST_ptr(s->enc_write_ctx)) goto err; - s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); - if (!TEST_ptr(s->s3->tmp.new_cipher)) { + s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); + if (!TEST_ptr(s->s3.tmp.new_cipher)) { TEST_info("Failed to find cipher"); goto err; } From builds at travis-ci.org Mon Apr 29 16:50:53 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 29 Apr 2019 16:50:53 +0000 Subject: Still Failing: openssl/openssl#24943 (master - 555cbb3) In-Reply-To: Message-ID: <5cc72b6d5e5c6_43fcbaf87dba01649c0@3bc2d6ca-531d-4c02-aad9-dd5d418aad75.mail> Build Update for openssl/openssl ------------------------------------- Build: #24943 Status: Still Failing Duration: 19 mins and 7 secs Commit: 555cbb3 (master) Author: Todd Short Message: Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the ssl3_state_st structure into ssl_st and fixup any references. This should be faster than going through an indirection and due to fewer allocations, but I'm not seeing any significant performance improvement; it seems to be within the margin of error in timing. Reviewed-by: Paul Yang Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7888) View the changeset: https://github.com/openssl/openssl/compare/d7fcf1feac3b...555cbb328ee2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526053632?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Apr 30 03:44:02 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 30 Apr 2019 03:44:02 +0000 Subject: [openssl] master update Message-ID: <1556595842.592668.29612.nullmailer@dev.openssl.org> The branch master has been updated via 8094a6945873f492fe40c88b966b86629bc6c6d7 (commit) from 555cbb328ee2eaa9356cd23e2194c1600653c500 (commit) - Log ----------------------------------------------------------------- commit 8094a6945873f492fe40c88b966b86629bc6c6d7 Author: Pauli Date: Tue Apr 30 13:43:19 2019 +1000 Squashed commit of the following: Digest stored entropy for CRNG test. Via the FIPS lab, NIST confirmed: The CMVP had a chance to discuss this inquiry and we agree that hashing the NDRNG block does meet the spirit and letter of AS09.42. However, the CMVP did have a few questions: what hash algorithm would be used in this application? Is it approved? Is it CAVs tested? SHA256 is being used here and it will be both approved and CAVs tested. This means that no raw entropy needs to be kept between RNG seedings, preventing a potential attack vector aganst the randomness source and the DRBG chains. It also means the block of secure memory allocated for this purpose is no longer required. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8790) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_crng_test.c | 45 ++++++++++++++++++++++++++------------------ crypto/rand/rand_lcl.h | 6 ++++-- test/drbgtest.c | 5 +++-- 3 files changed, 34 insertions(+), 22 deletions(-) diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c index 87f4ee1..1b4f167 100644 --- a/crypto/rand/rand_crng_test.c +++ b/crypto/rand/rand_crng_test.c @@ -13,45 +13,52 @@ */ #include +#include #include "internal/rand_int.h" #include "internal/thread_once.h" #include "rand_lcl.h" static RAND_POOL *crngt_pool; -static unsigned char *crngt_prev; +static unsigned char crngt_prev[EVP_MAX_MD_SIZE]; -int (*crngt_get_entropy)(unsigned char *) = &rand_crngt_get_entropy_cb; +int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *) + = &rand_crngt_get_entropy_cb; -int rand_crngt_get_entropy_cb(unsigned char *buf) +int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, + unsigned int *md_size) { + int r; size_t n; unsigned char *p; - while ((n = rand_pool_acquire_entropy(crngt_pool)) != 0) - if (n >= CRNGT_BUFSIZ) { - p = rand_pool_detach(crngt_pool); + n = rand_pool_acquire_entropy(crngt_pool); + if (n >= CRNGT_BUFSIZ) { + p = rand_pool_detach(crngt_pool); + r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); + if (r != 0) memcpy(buf, p, CRNGT_BUFSIZ); - rand_pool_reattach(crngt_pool, p); - return 1; - } + rand_pool_reattach(crngt_pool, p); + return r; + } return 0; - } + void rand_crngt_cleanup(void) { rand_pool_free(crngt_pool); - OPENSSL_secure_free(crngt_prev); crngt_pool = NULL; - crngt_prev = NULL; } int rand_crngt_init(void) { + unsigned char buf[CRNGT_BUFSIZ]; + if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) return 0; - if ((crngt_prev = OPENSSL_secure_malloc(CRNGT_BUFSIZ)) != NULL - && crngt_get_entropy(crngt_prev)) + if (crngt_get_entropy(buf, crngt_prev, NULL)) { + OPENSSL_cleanse(buf, sizeof(buf)); return 1; + } rand_crngt_cleanup(); return 0; } @@ -74,7 +81,8 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg, int entropy, size_t min_len, size_t max_len, int prediction_resistance) { - unsigned char buf[CRNGT_BUFSIZ]; + unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE]; + unsigned int sz; RAND_POOL *pool; size_t q, r = 0, s, t = 0; int attempts = 3; @@ -87,17 +95,18 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg, while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { s = q > sizeof(buf) ? sizeof(buf) : q; - if (!crngt_get_entropy(buf) - || memcmp(crngt_prev, buf, CRNGT_BUFSIZ) == 0 + if (!crngt_get_entropy(buf, md, &sz) + || memcmp(crngt_prev, md, sz) == 0 || !rand_pool_add(pool, buf, s, s * 8)) goto err; - memcpy(crngt_prev, buf, CRNGT_BUFSIZ); + memcpy(crngt_prev, md, sz); t += s; attempts++; } r = t; *pout = rand_pool_detach(pool); err: + OPENSSL_cleanse(buf, sizeof(buf)); rand_pool_free(pool); return r; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index d793d28..3ce5f7a 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -334,8 +334,10 @@ int drbg_hmac_init(RAND_DRBG *drbg); * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests. * These need to be exposed for the unit tests. */ -int rand_crngt_get_entropy_cb(unsigned char *buf); -extern int (*crngt_get_entropy)(unsigned char *); +int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, + unsigned int *md_size); +extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md, + unsigned int *md_size); int rand_crngt_init(void); void rand_crngt_cleanup(void); diff --git a/test/drbgtest.c b/test/drbgtest.c index bf4c723..42af048 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1249,7 +1249,8 @@ static const size_t crngt_num_cases = 6; static size_t crngt_case, crngt_idx; -static int crngt_entropy_cb(unsigned char *buf) +static int crngt_entropy_cb(unsigned char *buf, unsigned char *md, + unsigned int *md_size) { size_t i, z; @@ -1261,7 +1262,7 @@ static int crngt_entropy_cb(unsigned char *buf) z--; for (i = 0; i < CRNGT_BUFSIZ; i++) buf[i] = (unsigned char)(i + 'A' + z); - return 1; + return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); } static int test_crngt(int n) From builds at travis-ci.org Tue Apr 30 04:03:20 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 04:03:20 +0000 Subject: Still Failing: openssl/openssl#24947 (master - 8094a69) In-Reply-To: Message-ID: <5cc7c907e1a00_43fa55136ac3c2403a1@8a6c6c5d-e541-49e0-b2c4-9788ae77d4f0.mail> Build Update for openssl/openssl ------------------------------------- Build: #24947 Status: Still Failing Duration: 18 mins and 40 secs Commit: 8094a69 (master) Author: Pauli Message: Squashed commit of the following: Digest stored entropy for CRNG test. Via the FIPS lab, NIST confirmed: The CMVP had a chance to discuss this inquiry and we agree that hashing the NDRNG block does meet the spirit and letter of AS09.42. However, the CMVP did have a few questions: what hash algorithm would be used in this application? Is it approved? Is it CAVs tested? SHA256 is being used here and it will be both approved and CAVs tested. This means that no raw entropy needs to be kept between RNG seedings, preventing a potential attack vector aganst the randomness source and the DRBG chains. It also means the block of secure memory allocated for this purpose is no longer required. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/8790) View the changeset: https://github.com/openssl/openssl/compare/555cbb328ee2...8094a6945873 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526261931?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Apr 30 05:47:11 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Apr 2019 05:47:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1556603231.743628.31368.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 555cbb328e Collapse ssl3_state_st (s3) into ssl_st Build log ended with (last 100 lines): crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222: more undefined references to `__afl_prev_loc' follow crypto/sha/fips-dso-sha256.o: In function `SHA256': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Update': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA224_Final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90): undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383: undefined reference to `__afl_area_ptr' crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform': /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:45: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_final': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:31: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:35: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:36: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:41: undefined reference to `__afl_prev_loc' providers/common/digests/fips-dso-sha2.o: In function `sha256_freectx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:50: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_dupctx': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:57: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:69: undefined reference to `__afl_area_ptr' providers/common/digests/fips-dso-sha2.o: In function `sha256_block_size': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:74: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:79: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:83: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:80: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:87: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:97: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:29: undefined reference to `__afl_area_ptr' providers/fips/fips-dso-fipsprov.o: In function `fips_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:34: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:40: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:42: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:43: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:45: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:46: undefined reference to `__afl_prev_loc' providers/fips/fips-dso-fipsprov.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:49: more undefined references to `__afl_prev_loc' follow providers/fips/fips-dso-fipsprov.o: In function `fips_query': /home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/fips/fipsprov.c:59: undefined reference to `__afl_area_ptr' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6920: recipe for target 'providers/fips.so' failed make[1]: *** [providers/fips.so] Error 1 make[1]: *** Waiting for unfinished jobs.... test/p_test-dso-p_test.o: In function `OSSL_provider_init': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:102: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:106: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:103: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:110: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:(.text+0xfd): undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:120: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: more undefined references to `__afl_prev_loc' follow test/p_test-dso-p_test.o: In function `p_get_param_types': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:41: undefined reference to `__afl_area_ptr' test/p_test-dso-p_test.o: In function `p_get_params': /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:47: undefined reference to `__afl_area_ptr' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:52: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:69: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:73: undefined reference to `__afl_prev_loc' /home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:74: undefined reference to `__afl_prev_loc' test/p_test-dso-p_test.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/test/p_test.c:83: more undefined references to `__afl_prev_loc' follow clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:6996: recipe for target 'test/p_test.so' failed make[1]: *** [test/p_test.so] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue Apr 30 09:38:23 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 30 Apr 2019 09:38:23 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-srp Message-ID: <1556617103.049720.7806.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-srp Commit log since last time: 555cbb328e Collapse ssl3_state_st (s3) into ssl_st Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-t_crl.d.tmp -MT crypto/x509/libcrypto-lib-t_crl.o -c -o crypto/x509/libcrypto-lib-t_crl.o ../openssl/crypto/x509/t_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-t_req.d.tmp -MT crypto/x509/libcrypto-lib-t_req.o -c -o crypto/x509/libcrypto-lib-t_req.o ../openssl/crypto/x509/t_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-t_x509.d.tmp -MT crypto/x509/libcrypto-lib-t_x509.o -c -o crypto/x509/libcrypto-lib-t_x509.o ../openssl/crypto/x509/t_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_cache.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_cache.o -c -o crypto/x509v3/libcrypto-lib-pcy_cache.o ../openssl/crypto/x509v3/pcy_cache.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_data.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_data.o -c -o crypto/x509v3/libcrypto-lib-pcy_data.o ../openssl/crypto/x509v3/pcy_data.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_lib.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_lib.o -c -o crypto/x509v3/libcrypto-lib-pcy_lib.o ../openssl/crypto/x509v3/pcy_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_map.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_map.o -c -o crypto/x509v3/libcrypto-lib-pcy_map.o ../openssl/crypto/x509v3/pcy_map.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_node.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_node.o -c -o crypto/x509v3/libcrypto-lib-pcy_node.o ../openssl/crypto/x509v3/pcy_node.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-pcy_tree.d.tmp -MT crypto/x509v3/libcrypto-lib-pcy_tree.o -c -o crypto/x509v3/libcrypto-lib-pcy_tree.o ../openssl/crypto/x509v3/pcy_tree.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_addr.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_addr.o -c -o crypto/x509v3/libcrypto-lib-v3_addr.o ../openssl/crypto/x509v3/v3_addr.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_admis.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_admis.o -c -o crypto/x509v3/libcrypto-lib-v3_admis.o ../openssl/crypto/x509v3/v3_admis.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_akey.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_akey.o -c -o crypto/x509v3/libcrypto-lib-v3_akey.o ../openssl/crypto/x509v3/v3_akey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_akeya.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_akeya.o -c -o crypto/x509v3/libcrypto-lib-v3_akeya.o ../openssl/crypto/x509v3/v3_akeya.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_alt.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_alt.o -c -o crypto/x509v3/libcrypto-lib-v3_alt.o ../openssl/crypto/x509v3/v3_alt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_asid.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_asid.o -c -o crypto/x509v3/libcrypto-lib-v3_asid.o ../openssl/crypto/x509v3/v3_asid.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_bcons.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_bcons.o -c -o crypto/x509v3/libcrypto-lib-v3_bcons.o ../openssl/crypto/x509v3/v3_bcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_bitst.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_bitst.o -c -o crypto/x509v3/libcrypto-lib-v3_bitst.o ../openssl/crypto/x509v3/v3_bitst.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_conf.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_conf.o -c -o crypto/x509v3/libcrypto-lib-v3_conf.o ../openssl/crypto/x509v3/v3_conf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_cpols.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_cpols.o -c -o crypto/x509v3/libcrypto-lib-v3_cpols.o ../openssl/crypto/x509v3/v3_cpols.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_crld.o -c -o crypto/x509v3/libcrypto-lib-v3_crld.o ../openssl/crypto/x509v3/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_enum.o -c -o crypto/x509v3/libcrypto-lib-v3_enum.o ../openssl/crypto/x509v3/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_extku.o -c -o crypto/x509v3/libcrypto-lib-v3_extku.o ../openssl/crypto/x509v3/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_genn.o -c -o crypto/x509v3/libcrypto-lib-v3_genn.o ../openssl/crypto/x509v3/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_ia5.o -c -o crypto/x509v3/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509v3/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_info.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_info.o -c -o crypto/x509v3/libcrypto-lib-v3_info.o ../openssl/crypto/x509v3/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_int.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_int.o -c -o crypto/x509v3/libcrypto-lib-v3_int.o ../openssl/crypto/x509v3/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_lib.o -c -o crypto/x509v3/libcrypto-lib-v3_lib.o ../openssl/crypto/x509v3/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_ncons.o -c -o crypto/x509v3/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509v3/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_pci.o -c -o crypto/x509v3/libcrypto-lib-v3_pci.o ../openssl/crypto/x509v3/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_pcia.o -c -o crypto/x509v3/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509v3/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_pcons.o -c -o crypto/x509v3/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509v3/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_pku.o -c -o crypto/x509v3/libcrypto-lib-v3_pku.o ../openssl/crypto/x509v3/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_pmaps.o -c -o crypto/x509v3/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509v3/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_prn.o -c -o crypto/x509v3/libcrypto-lib-v3_prn.o ../openssl/crypto/x509v3/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_purp.o -c -o crypto/x509v3/libcrypto-lib-v3_purp.o ../openssl/crypto/x509v3/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_skey.o -c -o crypto/x509v3/libcrypto-lib-v3_skey.o ../openssl/crypto/x509v3/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_sxnet.o -c -o crypto/x509v3/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509v3/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_tlsf.o -c -o crypto/x509v3/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509v3/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509v3/libcrypto-lib-v3_utl.o -c -o crypto/x509v3/libcrypto-lib-v3_utl.o ../openssl/crypto/x509v3/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF crypto/x509v3/libcrypto-lib-v3err.d.tmp -MT crypto/x509v3/libcrypto-lib-v3err.o -c -o crypto/x509v3/libcrypto-lib-v3err.o ../openssl/crypto/x509v3/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/common/ciphers/libcrypto-lib-aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-aes.o -c -o providers/common/ciphers/libcrypto-lib-aes.o ../openssl/providers/common/ciphers/aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/common/ciphers/libcrypto-lib-aes_basic.d.tmp -MT providers/common/ciphers/libcrypto-lib-aes_basic.o -c -o providers/common/ciphers/libcrypto-lib-aes_basic.o ../openssl/providers/common/ciphers/aes_basic.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/common/digests/libcrypto-lib-sha2.d.tmp -MT providers/common/digests/libcrypto-lib-sha2.o -c -o providers/common/digests/libcrypto-lib-sha2.o ../openssl/providers/common/digests/sha2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/common/ciphers -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/common/ciphers -I../openssl/crypto -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF providers/default/libcrypto-lib-defltprov.d.tmp -MT providers/default/libcrypto-lib-defltprov.o -c -o providers/default/libcrypto-lib-defltprov.o ../openssl/providers/default/defltprov.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-bio_ssl.d.tmp -MT ssl/libssl-lib-bio_ssl.o -c -o ssl/libssl-lib-bio_ssl.o ../openssl/ssl/bio_ssl.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-d1_lib.d.tmp -MT ssl/libssl-lib-d1_lib.o -c -o ssl/libssl-lib-d1_lib.o ../openssl/ssl/d1_lib.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-d1_msg.d.tmp -MT ssl/libssl-lib-d1_msg.o -c -o ssl/libssl-lib-d1_msg.o ../openssl/ssl/d1_msg.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-d1_srtp.d.tmp -MT ssl/libssl-lib-d1_srtp.o -c -o ssl/libssl-lib-d1_srtp.o ../openssl/ssl/d1_srtp.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-methods.d.tmp -MT ssl/libssl-lib-methods.o -c -o ssl/libssl-lib-methods.o ../openssl/ssl/methods.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-packet.d.tmp -MT ssl/libssl-lib-packet.o -c -o ssl/libssl-lib-packet.o ../openssl/ssl/packet.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-pqueue.d.tmp -MT ssl/libssl-lib-pqueue.o -c -o ssl/libssl-lib-pqueue.o ../openssl/ssl/pqueue.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-s3_cbc.d.tmp -MT ssl/libssl-lib-s3_cbc.o -c -o ssl/libssl-lib-s3_cbc.o ../openssl/ssl/s3_cbc.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-s3_enc.d.tmp -MT ssl/libssl-lib-s3_enc.o -c -o ssl/libssl-lib-s3_enc.o ../openssl/ssl/s3_enc.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-s3_lib.d.tmp -MT ssl/libssl-lib-s3_lib.o -c -o ssl/libssl-lib-s3_lib.o ../openssl/ssl/s3_lib.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-s3_msg.d.tmp -MT ssl/libssl-lib-s3_msg.o -c -o ssl/libssl-lib-s3_msg.o ../openssl/ssl/s3_msg.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-ssl_asn1.d.tmp -MT ssl/libssl-lib-ssl_asn1.o -c -o ssl/libssl-lib-ssl_asn1.o ../openssl/ssl/ssl_asn1.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wno-unknown-warning-option -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -MMD -MF ssl/libssl-lib-ssl_cert.d.tmp -MT ssl/libssl-lib-ssl_cert.o -c -o ssl/libssl-lib-ssl_cert.o ../openssl/ssl/ssl_cert.c ../openssl/ssl/s3_lib.c:3305:2: error: unused label 'err' [-Werror,-Wunused-label] err: ^~~~ 1 error generated. Makefile:12336: recipe for target 'ssl/libssl-lib-s3_lib.o' failed make[1]: *** [ssl/libssl-lib-s3_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-srp' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Tue Apr 30 09:55:52 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Apr 2019 09:55:52 +0000 Subject: [openssl] master update Message-ID: <1556618152.238610.1890.nullmailer@dev.openssl.org> The branch master has been updated via 8f0dd6d9eec0e52feb1b19725c7134684bff28bc (commit) from 8094a6945873f492fe40c88b966b86629bc6c6d7 (commit) - Log ----------------------------------------------------------------- commit 8f0dd6d9eec0e52feb1b19725c7134684bff28bc Author: Richard Levitte Date: Tue Apr 30 10:33:55 2019 +0200 Configure: process shared-info.pl later The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8846) ----------------------------------------------------------------------- Summary of changes: Configure | 81 +++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 42 insertions(+), 39 deletions(-) diff --git a/Configure b/Configure index 8b6d237..480837c 100755 --- a/Configure +++ b/Configure @@ -1110,44 +1110,6 @@ foreach (keys %target_attr_translate) { %target = ( %{$table{DEFAULTS}}, %target ); -# Make the flags to build DSOs the same as for shared libraries unless they -# are already defined -$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; -$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; -$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; -{ - my $shared_info_pl = - catfile(dirname($0), "Configurations", "shared-info.pl"); - my %shared_info = read_eval_file($shared_info_pl); - push @{$target{_conf_fname_int}}, $shared_info_pl; - my $si = $target{shared_target}; - while (ref $si ne "HASH") { - last if ! defined $si; - if (ref $si eq "CODE") { - $si = $si->(); - } else { - $si = $shared_info{$si}; - } - } - - # Some of the 'shared_target' values don't have any entried in - # %shared_info. That's perfectly fine, AS LONG AS the build file - # template knows how to handle this. That is currently the case for - # Windows and VMS. - if (defined $si) { - # Just as above, copy certain shared_* attributes to the corresponding - # module_ attribute unless the latter is already defined - $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; - $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; - $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; - foreach (sort keys %$si) { - $target{$_} = defined $target{$_} - ? add($si->{$_})->($target{$_}) - : $si->{$_}; - } - } -} - my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; @@ -1687,7 +1649,48 @@ unless ($disabled{ktls}) { push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls}); -# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON +# Get the extra flags used when building shared libraries and modules. We +# do this late because some of them depend on %disabled. + +# Make the flags to build DSOs the same as for shared libraries unless they +# are already defined +$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; +$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; +$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; +{ + my $shared_info_pl = + catfile(dirname($0), "Configurations", "shared-info.pl"); + my %shared_info = read_eval_file($shared_info_pl); + push @{$target{_conf_fname_int}}, $shared_info_pl; + my $si = $target{shared_target}; + while (ref $si ne "HASH") { + last if ! defined $si; + if (ref $si eq "CODE") { + $si = $si->(); + } else { + $si = $shared_info{$si}; + } + } + + # Some of the 'shared_target' values don't have any entries in + # %shared_info. That's perfectly fine, AS LONG AS the build file + # template knows how to handle this. That is currently the case for + # Windows and VMS. + if (defined $si) { + # Just as above, copy certain shared_* attributes to the corresponding + # module_ attribute unless the latter is already defined + $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; + $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; + $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; + foreach (sort keys %$si) { + $target{$_} = defined $target{$_} + ? add($si->{$_})->($target{$_}) + : $si->{$_}; + } + } +} + +# ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON # If we use the unified build, collect information from build.info files my %unified_info = (); From levitte at openssl.org Tue Apr 30 09:56:26 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Apr 2019 09:56:26 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1556618186.580679.2839.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7216e9a20aee620d85185a6ddb8caa30f11f2192 (commit) from 57aac8b59d413ba04eede6e206550cbd660f7324 (commit) - Log ----------------------------------------------------------------- commit 7216e9a20aee620d85185a6ddb8caa30f11f2192 Author: Richard Levitte Date: Tue Apr 30 10:33:55 2019 +0200 Configure: process shared-info.pl later The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8846) (cherry picked from commit 8f0dd6d9eec0e52feb1b19725c7134684bff28bc) ----------------------------------------------------------------------- Summary of changes: Configure | 81 +++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 42 insertions(+), 39 deletions(-) diff --git a/Configure b/Configure index 1c804cb..9796084 100755 --- a/Configure +++ b/Configure @@ -1078,44 +1078,6 @@ foreach (keys %target_attr_translate) { %target = ( %{$table{DEFAULTS}}, %target ); -# Make the flags to build DSOs the same as for shared libraries unless they -# are already defined -$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; -$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; -$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; -{ - my $shared_info_pl = - catfile(dirname($0), "Configurations", "shared-info.pl"); - my %shared_info = read_eval_file($shared_info_pl); - push @{$target{_conf_fname_int}}, $shared_info_pl; - my $si = $target{shared_target}; - while (ref $si ne "HASH") { - last if ! defined $si; - if (ref $si eq "CODE") { - $si = $si->(); - } else { - $si = $shared_info{$si}; - } - } - - # Some of the 'shared_target' values don't have any entried in - # %shared_info. That's perfectly fine, AS LONG AS the build file - # template knows how to handle this. That is currently the case for - # Windows and VMS. - if (defined $si) { - # Just as above, copy certain shared_* attributes to the corresponding - # module_ attribute unless the latter is already defined - $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; - $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; - $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; - foreach (sort keys %$si) { - $target{$_} = defined $target{$_} - ? add($si->{$_})->($target{$_}) - : $si->{$_}; - } - } -} - my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; @@ -1621,7 +1583,48 @@ unless ($disabled{afalgeng}) { push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); -# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON +# Get the extra flags used when building shared libraries and modules. We +# do this late because some of them depend on %disabled. + +# Make the flags to build DSOs the same as for shared libraries unless they +# are already defined +$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; +$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; +$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; +{ + my $shared_info_pl = + catfile(dirname($0), "Configurations", "shared-info.pl"); + my %shared_info = read_eval_file($shared_info_pl); + push @{$target{_conf_fname_int}}, $shared_info_pl; + my $si = $target{shared_target}; + while (ref $si ne "HASH") { + last if ! defined $si; + if (ref $si eq "CODE") { + $si = $si->(); + } else { + $si = $shared_info{$si}; + } + } + + # Some of the 'shared_target' values don't have any entries in + # %shared_info. That's perfectly fine, AS LONG AS the build file + # template knows how to handle this. That is currently the case for + # Windows and VMS. + if (defined $si) { + # Just as above, copy certain shared_* attributes to the corresponding + # module_ attribute unless the latter is already defined + $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; + $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; + $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; + foreach (sort keys %$si) { + $target{$_} = defined $target{$_} + ? add($si->{$_})->($target{$_}) + : $si->{$_}; + } + } +} + +# ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON # If we use the unified build, collect information from build.info files my %unified_info = (); From builds at travis-ci.org Tue Apr 30 10:20:21 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 10:20:21 +0000 Subject: Still Failing: openssl/openssl#24951 (master - 8f0dd6d) In-Reply-To: Message-ID: <5cc82164e05da_43ff5b9f4bd18134665@ea3ac700-8b18-4843-9621-48d521fbfa00.mail> Build Update for openssl/openssl ------------------------------------- Build: #24951 Status: Still Failing Duration: 23 mins and 52 secs Commit: 8f0dd6d (master) Author: Richard Levitte Message: Configure: process shared-info.pl later The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8846) View the changeset: https://github.com/openssl/openssl/compare/8094a6945873...8f0dd6d9eec0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526359560?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 30 10:32:06 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 10:32:06 +0000 Subject: Still Failing: openssl/openssl#24952 (OpenSSL_1_1_1-stable - 7216e9a) In-Reply-To: Message-ID: <5cc82425c2fe0_43f93fa0223f8294911@e9d40548-f9fc-4714-9087-12f5e84268fd.mail> Build Update for openssl/openssl ------------------------------------- Build: #24952 Status: Still Failing Duration: 22 mins and 7 secs Commit: 7216e9a (OpenSSL_1_1_1-stable) Author: Richard Levitte Message: Configure: process shared-info.pl later The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8846) (cherry picked from commit 8f0dd6d9eec0e52feb1b19725c7134684bff28bc) View the changeset: https://github.com/openssl/openssl/compare/57aac8b59d41...7216e9a20aee View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526359884?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Tue Apr 30 12:02:30 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 30 Apr 2019 12:02:30 +0000 Subject: [openssl] master update Message-ID: <1556625750.206689.29722.nullmailer@dev.openssl.org> The branch master has been updated via 96384e613ae7092fb6f63daa69a9601d128416b2 (commit) from 8f0dd6d9eec0e52feb1b19725c7134684bff28bc (commit) - Log ----------------------------------------------------------------- commit 96384e613ae7092fb6f63daa69a9601d128416b2 Author: Dr. Matthias St. Pierre Date: Mon Apr 29 19:12:38 2019 +0200 FIPS: Fix compiler errors in rsa_chk.c when building with `-DFIPS_MODE` Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8843) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_chk.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 4f65dfa..96a13b3 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -25,11 +25,9 @@ int RSA_check_key(const RSA *key) int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) { #ifdef FIPS_MODE - if (!(rsa_sp800_56b_check_public(key) - && rsa_sp800_56b_check_private(key) - && rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key)) - return 0; - + return rsa_sp800_56b_check_public(key) + && rsa_sp800_56b_check_private(key) + && rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key)); #else BIGNUM *i, *j, *k, *l, *m; BN_CTX *ctx; From builds at travis-ci.org Tue Apr 30 12:26:10 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 12:26:10 +0000 Subject: Errored: openssl/openssl#24957 (master - 96384e6) In-Reply-To: Message-ID: <5cc83ee1b39cf_43f8eecac79d890282@bf3780d6-17ac-46ac-9c28-a75ffb75637e.mail> Build Update for openssl/openssl ------------------------------------- Build: #24957 Status: Errored Duration: 23 mins and 8 secs Commit: 96384e6 (master) Author: Dr. Matthias St. Pierre Message: FIPS: Fix compiler errors in rsa_chk.c when building with `-DFIPS_MODE` Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8843) View the changeset: https://github.com/openssl/openssl/compare/8f0dd6d9eec0...96384e613ae7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526402446?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Apr 30 13:30:34 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Apr 2019 13:30:34 +0000 Subject: [openssl] master update Message-ID: <1556631034.638355.6724.nullmailer@dev.openssl.org> The branch master has been updated via f79858ac4d90a450d0620d1ecb713bc35d7d9f8d (commit) from 96384e613ae7092fb6f63daa69a9601d128416b2 (commit) - Log ----------------------------------------------------------------- commit f79858ac4d90a450d0620d1ecb713bc35d7d9f8d Author: Richard Levitte Date: Tue Apr 30 14:01:52 2019 +0200 Replumbing: make the oneshot proider cipher function like the others The OP_cipher_final function takes a return output size and an output buffer size argument. The oneshot OP_cipher_cipher function should do the same. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8849) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 8 +++++++- include/openssl/core_numbers.h | 5 +++-- providers/common/ciphers/aes.c | 11 +++++++++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 189c953..34b9382 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -232,8 +232,14 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { if (ctx->cipher->prov != NULL) { + size_t outl = 0; /* ignored */ + int blocksize = EVP_CIPHER_CTX_block_size(ctx); + if (ctx->cipher->ccipher != NULL) - return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl); + return + ctx->cipher->ccipher(ctx->provctx, out, &outl, + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl); return 0; } diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index d588886..74b3fdf 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -140,8 +140,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, OSSL_CORE_MAKE_FUNC(int, OP_cipher_final, (void *, unsigned char *out, size_t *outl, size_t outsize)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, - (void *, unsigned char *out, const unsigned char *in, - size_t inl)) + (void *, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index 5c6e670..2e93461 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -235,16 +235,23 @@ static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in, - size_t inl) +static int aes_cipher(void *vctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; + if (outsize < inl) { + PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->ciph->cipher(ctx, out, in, inl)) { PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED); return 0; } + *outl = inl; return 1; } From levitte at openssl.org Tue Apr 30 13:54:24 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 30 Apr 2019 13:54:24 +0000 Subject: [openssl] master update Message-ID: <1556632464.168779.17588.nullmailer@dev.openssl.org> The branch master has been updated via a39eb84006ca68d38d1c7204a6135647d06b5d01 (commit) from f79858ac4d90a450d0620d1ecb713bc35d7d9f8d (commit) - Log ----------------------------------------------------------------- commit a39eb84006ca68d38d1c7204a6135647d06b5d01 Author: Richard Levitte Date: Tue Apr 30 13:41:51 2019 +0200 Replumbing: give the possibility for the provider to create a context OSSL_provider_init() gets another output parameter, holding a pointer to a provider side context. It's entirely up to the provider to define the context and what it's being used for. This pointer is passed back to other provider functions, typically the provider global get_params and set_params functions, and also the diverse algorithm context creators, and of course, the teardown function. With this, a provider can be instantiated more than once, or be re-loaded as the case may be, while maintaining instance state. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8848) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 2 +- crypto/evp/evp_enc.c | 2 +- crypto/provider_core.c | 23 +++++++++++---- doc/internal/man3/ossl_provider_new.pod | 9 +++++- include/internal/provider.h | 3 ++ include/openssl/core.h | 6 +++- include/openssl/core_numbers.h | 50 +++++++++++++++++---------------- providers/common/ciphers/aes.c | 2 +- providers/common/digests/sha2.c | 2 +- providers/default/defltprov.c | 3 +- providers/fips/fipsprov.c | 3 +- providers/legacy/legacyprov.c | 3 +- test/p_test.c | 15 ++++++++-- 13 files changed, 81 insertions(+), 42 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 043e456..9b10a7f 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -172,7 +172,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->digest = type; if (ctx->provctx == NULL) { - ctx->provctx = ctx->digest->newctx(); + ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); if (ctx->provctx == NULL) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 676eaab..d7ba7dd 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -206,7 +206,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->cipher = cipher; if (ctx->provctx == NULL) { - ctx->provctx = ctx->cipher->newctx(); + ctx->provctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov)); if (ctx->provctx == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 9f4c017..2d74f6d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -54,6 +54,9 @@ struct ossl_provider_st { OSSL_provider_get_param_types_fn *get_param_types; OSSL_provider_get_params_fn *get_params; OSSL_provider_query_operation_fn *query_operation; + + /* Provider side data */ + void *provctx; }; DEFINE_STACK_OF(OSSL_PROVIDER) @@ -275,7 +278,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov) */ if (ref < 2 && prov->flag_initialized) { if (prov->teardown != NULL) - prov->teardown(); + prov->teardown(prov->provctx); prov->flag_initialized = 0; } @@ -401,7 +404,8 @@ static int provider_activate(OSSL_PROVIDER *prov) } if (prov->init_function == NULL - || !prov->init_function(prov, core_dispatch, &provider_dispatch)) { + || !prov->init_function(prov, core_dispatch, &provider_dispatch, + &prov->provctx)) { CRYPTOerr(CRYPTO_F_PROVIDER_ACTIVATE, ERR_R_INIT_FAIL); ERR_add_error_data(2, "name=", prov->name); DSO_free(prov->module); @@ -448,6 +452,11 @@ int ossl_provider_activate(OSSL_PROVIDER *prov) return 0; } +void *ossl_provider_ctx(const OSSL_PROVIDER *prov) +{ + return prov->provctx; +} + static int provider_forall_loaded(struct provider_store_st *store, int *found_activated, @@ -573,18 +582,20 @@ const char *ossl_provider_module_path(OSSL_PROVIDER *prov) void ossl_provider_teardown(const OSSL_PROVIDER *prov) { if (prov->teardown != NULL) - prov->teardown(); + prov->teardown(prov->provctx); } const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov) { - return prov->get_param_types == NULL ? NULL : prov->get_param_types(prov); + return prov->get_param_types == NULL + ? NULL : prov->get_param_types(prov->provctx); } int ossl_provider_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[]) { - return prov->get_params == NULL ? 0 : prov->get_params(prov, params); + return prov->get_params == NULL + ? 0 : prov->get_params(prov->provctx, params); } @@ -592,7 +603,7 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache) { - return prov->query_operation(prov, operation_id, no_cache); + return prov->query_operation(prov->provctx, operation_id, no_cache); } /*- diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index aa984c9..0453508 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -5,7 +5,7 @@ ossl_provider_find, ossl_provider_new, ossl_provider_upref, ossl_provider_free, ossl_provider_add_module_location, ossl_provider_set_fallback, ossl_provider_activate, -ossl_provider_forall_loaded, +ossl_provider_ctx, ossl_provider_forall_loaded, ossl_provider_name, ossl_provider_dso, ossl_provider_module_name, ossl_provider_module_path, ossl_provider_teardown, ossl_provider_get_param_types, @@ -29,6 +29,9 @@ ossl_provider_get_params, ossl_provider_query_operation /* Load and initialize the Provider */ int ossl_provider_activate(OSSL_PROVIDER *prov); + /* Return pointer to the provider's context */ + void *ossl_provider_ctx(const OSSL_PROVIDER *prov); + /* Iterate over all loaded providers */ int ossl_provider_forall_loaded(OPENSSL_CTX *, int (*cb)(OSSL_PROVIDER *provider, @@ -121,6 +124,10 @@ be located in that module, and called. =back +ossl_provider_ctx() returns a context created by the provider. +Outside of the provider, it's completely opaque, but it needs to be +passed back to some of the provider functions. + ossl_provider_forall_loaded() iterates over all the currently "activated" providers, and calls C for each of them. If no providers have been "activated" yet, it tries to activate all diff --git a/include/internal/provider.h b/include/internal/provider.h index 4966cc2..7b05313 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -45,6 +45,9 @@ int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, */ int ossl_provider_activate(OSSL_PROVIDER *prov); +/* Return pointer to the provider's context */ +void *ossl_provider_ctx(const OSSL_PROVIDER *prov); + /* Iterate over all loaded providers */ int ossl_provider_forall_loaded(OPENSSL_CTX *, int (*cb)(OSSL_PROVIDER *provider, diff --git a/include/openssl/core.h b/include/openssl/core.h index 2855b6d..cf4d3f4 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -157,10 +157,14 @@ struct ossl_param_st { * |in| is the array of functions that the Core passes to the provider. * |out| will be the array of base functions that the provider passes * back to the Core. + * |provctx| a provider side context object, optionally created if the + * provider needs it. This value is passed to other provider + * functions, notably other context constructors. */ typedef int (OSSL_provider_init_fn)(const OSSL_PROVIDER *provider, const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out); + const OSSL_DISPATCH **out, + void **provctx); # ifdef __VMS # pragma names save # pragma names uppercase,truncated diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 74b3fdf..8ce00c3 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -60,17 +60,16 @@ OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov, /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 -OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void)) +OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) # define OSSL_FUNC_PROVIDER_GET_PARAM_TYPES 1025 OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *, - provider_get_param_types,(const OSSL_PROVIDER *prov)) + provider_get_param_types,(void *provctx)) # define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 -OSSL_CORE_MAKE_FUNC(int,provider_get_params,(const OSSL_PROVIDER *prov, +OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, const OSSL_PARAM params[])) # define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, - (const OSSL_PROVIDER *, int operation_id, - const int *no_store)) + (void *provctx, int operation_id, const int *no_store)) /* Digests */ @@ -87,19 +86,20 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_BLOCK_SIZE 9 -OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void)) -OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_update, - (void *, const unsigned char *in, size_t inl)) + (void *dctx, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, OP_digest_final, - (void *, unsigned char *out, size_t *outl, size_t outsz)) + (void *dctx, + unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, - (const unsigned char *in, size_t inl, unsigned char *out, - size_t *out_l, size_t outsz)) + (void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *out_l, size_t outsz)) -OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx)) -OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx)) -OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *dctx)) +OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) @@ -123,35 +123,37 @@ OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) # define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 13 # define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 14 -OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void)) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx, +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen)) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *vctx, +OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *cctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, - (void *, unsigned char *out, size_t *outl, size_t outsize, + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_final, - (void *, unsigned char *out, size_t *outl, size_t outsize)) + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, - (void *, + (void *cctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl)) -OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx)) -OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *cctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *cctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_iv_length, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_block_size, (void)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *vctx, +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, const OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *vctx, +OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c index 2e93461..8d91ff4 100644 --- a/providers/common/ciphers/aes.c +++ b/providers/common/ciphers/aes.c @@ -270,7 +270,7 @@ static int aes_cipher(void *vctx, #define IMPLEMENT_new_ctx(lcmode, UCMODE, len) \ static OSSL_OP_cipher_newctx_fn aes_##len##_##lcmode##_newctx; \ - static void *aes_##len##_##lcmode##_newctx(void) \ + static void *aes_##len##_##lcmode##_newctx(void *provctx) \ { \ PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ \ diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c index c9f616d..5b219ab 100644 --- a/providers/common/digests/sha2.c +++ b/providers/common/digests/sha2.c @@ -40,7 +40,7 @@ static int sha256_final(void *ctx, return 0; } -static void *sha256_newctx(void) +static void *sha256_newctx(void *provctx) { SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index cba2dcc..95b2abf 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -106,7 +106,8 @@ OSSL_provider_init_fn ossl_default_provider_init; int ossl_default_provider_init(const OSSL_PROVIDER *provider, const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out) + const OSSL_DISPATCH **out, + void **provctx) { for (; in->function_id != 0; in++) { switch (in->function_id) { diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index d3671b5..1b83163 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -78,7 +78,8 @@ static const OSSL_DISPATCH fips_dispatch_table[] = { int OSSL_provider_init(const OSSL_PROVIDER *provider, const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out) + const OSSL_DISPATCH **out, + void **provctx) { for (; in->function_id != 0; in++) { switch (in->function_id) { diff --git a/providers/legacy/legacyprov.c b/providers/legacy/legacyprov.c index 48e8933..2d42229 100644 --- a/providers/legacy/legacyprov.c +++ b/providers/legacy/legacyprov.c @@ -80,7 +80,8 @@ static const OSSL_DISPATCH legacy_dispatch_table[] = { int OSSL_provider_init(const OSSL_PROVIDER *provider, const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out) + const OSSL_DISPATCH **out, + void **provctx) { for (; in->function_id != 0; in++) { switch (in->function_id) { diff --git a/test/p_test.c b/test/p_test.c index bf13a0a..93196f7 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -38,13 +38,18 @@ static const OSSL_ITEM p_param_types[] = { { 0, NULL } }; -static const OSSL_ITEM *p_get_param_types(const OSSL_PROVIDER *_) +/* This is a trick to ensure we define the provider functions correctly */ +static OSSL_provider_get_param_types_fn p_get_param_types; +static OSSL_provider_get_params_fn p_get_params; + +static const OSSL_ITEM *p_get_param_types(void *_) { return p_param_types; } -static int p_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) +static int p_get_params(void *vprov, const OSSL_PARAM params[]) { + const OSSL_PROVIDER *prov = vprov; const OSSL_PARAM *p = params; int ok = 1; @@ -101,7 +106,8 @@ static const OSSL_DISPATCH p_test_table[] = { int OSSL_provider_init(const OSSL_PROVIDER *provider, const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out) + const OSSL_DISPATCH **out, + void **provctx) { for (; in->function_id != 0; in++) { switch (in->function_id) { @@ -117,6 +123,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } } + /* Because we use this in get_params, we need to pass it back */ + *provctx = (void *)provider; + *out = p_test_table; return 1; } From builds at travis-ci.org Tue Apr 30 13:53:40 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 13:53:40 +0000 Subject: Failed: openssl/openssl#24964 (master - f79858a) In-Reply-To: Message-ID: <5cc85364a33c9_43f93f4cd027c3297a2@e9d40548-f9fc-4714-9087-12f5e84268fd.mail> Build Update for openssl/openssl ------------------------------------- Build: #24964 Status: Failed Duration: 22 mins and 30 secs Commit: f79858a (master) Author: Richard Levitte Message: Replumbing: make the oneshot proider cipher function like the others The OP_cipher_final function takes a return output size and an output buffer size argument. The oneshot OP_cipher_cipher function should do the same. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8849) View the changeset: https://github.com/openssl/openssl/compare/96384e613ae7...f79858ac4d90 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526438193?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Apr 30 14:13:54 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 14:13:54 +0000 Subject: Still Failing: openssl/openssl#24966 (master - a39eb84) In-Reply-To: Message-ID: <5cc858223f4eb_43fc427c280a091126@55687a88-fa07-497a-8955-4a8242feaef1.mail> Build Update for openssl/openssl ------------------------------------- Build: #24966 Status: Still Failing Duration: 18 mins and 56 secs Commit: a39eb84 (master) Author: Richard Levitte Message: Replumbing: give the possibility for the provider to create a context OSSL_provider_init() gets another output parameter, holding a pointer to a provider side context. It's entirely up to the provider to define the context and what it's being used for. This pointer is passed back to other provider functions, typically the provider global get_params and set_params functions, and also the diverse algorithm context creators, and of course, the teardown function. With this, a provider can be instantiated more than once, or be re-loaded as the case may be, while maintaining instance state. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8848) View the changeset: https://github.com/openssl/openssl/compare/f79858ac4d90...a39eb84006ca View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526449016?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 30 15:00:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Apr 2019 15:00:23 +0000 Subject: Build failed: openssl master.24366 Message-ID: <20190430150023.1.535DD30D2BA2578B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 30 19:38:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Apr 2019 19:38:20 +0000 Subject: Build failed: openssl master.24371 Message-ID: <20190430193820.1.DD260F08307B40E4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 30 21:17:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Apr 2019 21:17:55 +0000 Subject: Build failed: openssl master.24373 Message-ID: <20190430211755.1.037C831561634555@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Apr 30 22:37:45 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 30 Apr 2019 22:37:45 +0000 Subject: [openssl] master update Message-ID: <1556663865.013291.12976.nullmailer@dev.openssl.org> The branch master has been updated via 39147079fc41b1af9a4e2974e89de20668e02aea (commit) from a39eb84006ca68d38d1c7204a6135647d06b5d01 (commit) - Log ----------------------------------------------------------------- commit 39147079fc41b1af9a4e2974e89de20668e02aea Author: Pauli Date: Tue Apr 30 20:36:16 2019 +1000 Structure alignment macro. Introduce a macro that allows all structure alignment tricks to be rolled up into a single place. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8845) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 25 +++++++++++++------------ crypto/evp/e_aria.c | 6 +++--- crypto/evp/e_chacha20_poly1305.c | 4 ++-- crypto/evp/e_des.c | 4 ++-- crypto/evp/e_des3.c | 4 ++-- include/internal/cryptlib.h | 12 +++++++++++- providers/common/ciphers/ciphers_locl.h | 6 ++++-- ssl/s3_cbc.c | 4 ++-- 8 files changed, 39 insertions(+), 26 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 4f98cdc..16ffe4d 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -15,6 +15,7 @@ #include #include #include "internal/evp_int.h" +#include "internal/cryptlib.h" #include "modes_lcl.h" #include #include @@ -22,7 +23,7 @@ typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks; block128_f block; @@ -34,7 +35,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks; /* AES key schedule to use */ int key_set; /* Set if key initialised */ @@ -52,7 +53,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks1, ks2; /* AES key schedules to use */ XTS128_CONTEXT xts; @@ -64,7 +65,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks; /* AES key schedule to use */ int key_set; /* Set if key initialised */ @@ -80,11 +81,11 @@ typedef struct { #ifndef OPENSSL_NO_OCB typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ksenc; /* AES key schedule to use for encryption */ union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ksdec; /* AES key schedule to use for decryption */ int key_set; /* Set if key initialised */ @@ -1008,7 +1009,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ typedef struct { union { - double align; + OSSL_UNION_ALIGN; /*- * KM-AES parameter block - begin * (see z/Architecture Principles of Operation >= SA22-7832-06) @@ -1023,7 +1024,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; /*- * KMO-AES parameter block - begin * (see z/Architecture Principles of Operation >= SA22-7832-08) @@ -1041,7 +1042,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; /*- * KMF-AES parameter block - begin * (see z/Architecture Principles of Operation >= SA22-7832-08) @@ -1059,7 +1060,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; /*- * KMA-GCM-AES parameter block - begin * (see z/Architecture Principles of Operation >= SA22-7832-11) @@ -1108,7 +1109,7 @@ typedef struct { typedef struct { union { - double align; + OSSL_UNION_ALIGN; /*- * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's @@ -3853,7 +3854,7 @@ BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, typedef struct { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks; /* Indicates if IV has been set */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 8828494..5404dd4 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -27,7 +27,7 @@ typedef struct { /* ARIA GCM context */ typedef struct { union { - double align; + OSSL_UNION_ALIGN; ARIA_KEY ks; } ks; /* ARIA subkey to use */ int key_set; /* Set if key initialised */ @@ -43,7 +43,7 @@ typedef struct { /* ARIA CCM context */ typedef struct { union { - double align; + OSSL_UNION_ALIGN; ARIA_KEY ks; } ks; /* ARIA key schedule to use */ int key_set; /* Set if key initialised */ diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 3790200..ccef031 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,7 +20,7 @@ typedef struct { union { - double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ + OSSL_UNION_ALIGN; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ unsigned int d[CHACHA_KEY_SIZE / 4]; } key; unsigned int counter[CHACHA_CTR_SIZE / 4]; diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index e7486cb..0d8e90c 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ typedef struct { union { - double align; + OSSL_UNION_ALIGN; DES_key_schedule ks; } ks; union { diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index aeaae5f..6177659 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ typedef struct { union { - double align; + OSSL_UNION_ALIGN; DES_key_schedule ks[3]; } ks; union { diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 28fd96e..e791245 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,6 +42,16 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, #endif +/* + * Use this inside a union with the field that needs to be aligned to a + * reasonable boundary for the platform. The most pessimistic alignment + * of the listed types will be used by the compiler. + */ +# define OSSL_UNION_ALIGN \ + double align; \ + ossl_uintmax_t align_int; \ + void *align_ptr + typedef struct ex_callback_st EX_CALLBACK; DEFINE_STACK_OF(EX_CALLBACK) diff --git a/providers/common/ciphers/ciphers_locl.h b/providers/common/ciphers/ciphers_locl.h index a874bbf..49248f0 100644 --- a/providers/common/ciphers/ciphers_locl.h +++ b/providers/common/ciphers/ciphers_locl.h @@ -1,3 +1,4 @@ + /* * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * @@ -9,12 +10,13 @@ #include #include +#include "internal/cryptlib.h" typedef struct prov_aes_cipher_st PROV_AES_CIPHER; typedef struct prov_aes_key_st { union { - double align; + OSSL_UNION_ALIGN; AES_KEY ks; } ks; block128_f block; @@ -29,7 +31,7 @@ typedef struct prov_aes_key_st { #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) struct { union { - double align; + OSSL_UNION_ALIGN; /*- * KM-AES parameter block - begin * (see z/Architecture Principles of Operation >= SA22-7832-06) diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 8e71a65..056fb1f 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -136,7 +136,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, size_t mac_secret_length, char is_sslv3) { union { - double align; + OSSL_UNION_ALIGN; unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; void (*md_final_raw) (void *ctx, unsigned char *md_out); From builds at travis-ci.org Tue Apr 30 22:58:13 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 30 Apr 2019 22:58:13 +0000 Subject: Still Failing: openssl/openssl#24971 (master - 3914707) In-Reply-To: Message-ID: <5cc8d305a2ff2_43ff5b90da78453002a@ea3ac700-8b18-4843-9621-48d521fbfa00.mail> Build Update for openssl/openssl ------------------------------------- Build: #24971 Status: Still Failing Duration: 19 mins and 52 secs Commit: 3914707 (master) Author: Pauli Message: Structure alignment macro. Introduce a macro that allows all structure alignment tricks to be rolled up into a single place. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8845) View the changeset: https://github.com/openssl/openssl/compare/a39eb84006ca...39147079fc41 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526659371?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Apr 30 23:33:58 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 30 Apr 2019 23:33:58 +0000 Subject: Build completed: openssl master.24374 Message-ID: <20190430233358.1.8E36A3F29E5B42C2@appveyor.com> An HTML attachment was scrubbed... URL: